All guides
Low ISO 27001 A.8.9 CIS Controls CIS 4

Disable directory listing

When a directory has no index file, some servers list its contents — exposing files you never meant to publish.

Why it matters

Open directory listings leak file names, backups, uploads and internal structure that help an attacker map your site and find sensitive files.

How to fix it

Turn off automatic indexing at the server, or drop an index file into browsable directories.

# Apache
Options -Indexes

# nginx (default is off; ensure it is not enabled)
autoindex off;

Is your domain affected?

Prove ownership and run a scan for a graded, verifiable report.

Related guides

Compliance references are indicative mapping, not legal advice. Automated scanning is evidence and monitoring, not a guarantee of compliance.