Apache (Basic Auth):
<Directory /var/www/private-images>
AuthType Basic
AuthName "Private Images"
AuthUserFile /etc/apache2/.htpasswd
Require valid-user
Options +Indexes # Still safe because auth required
</Directory>
Directory listing is a feature that allows web servers to generate an HTML index of files in a directory when no default index file (e.g., index.html) is present. When enabled on a parent directory containing private images, an attacker can browse, download, or index the entire image collection. This paper focuses on: parent directory index of private images install
To understand the threat, we must break the keyword into its four anatomical parts. Directory listing is a feature that allows web