4.5 Disabled directory browsing¶
Verify that directory browsing is disabled unless deliberately desired. Additionally, applications should not allow discovery or disclosure of file or directory metadata, such as Thumbs.db, .DS_Store, .git or .svn folders.
Levels: 1, 2, 3
This is typically a webserver feature concern (Apache, IIS, Nginx, etc.) that may be on by default and should be turned off.