Description
The default settings on the IIS virtual directories that NetPublish creates allow users to browse the contents of those directories; this allows access to files that may contain sensitive information.
Solution
Turn off directory browsing on the NetPublish virtul directories; this does not affect NetPublish functionality.
NOTE: These instructions assume that the NetPublish virtual directories are set up on the default web site.
For IIS 6
- Launch Internet Information Services Manager
- Go to Web Sites > Default Web Site > “netpub”
- Right click on “netpub” and select ‘Properties’
- Under ‘Local Path’, uncheck the “Directory browsing” checkbox; click ‘Apply’, then ‘OK’. The change takes effect immediately.
- Repeat steps 2-4 for the “res” virtual directory listed underneath “netpub”.
For IIS 7
- Launch Internet Information Services Manager
- Go to Sites > Default Web Site > “netpub”
- In the Features View, double-click on ‘Directory Browsing’
- Under ‘Actions’ in the rightmost column, click “Disable”. The change takes effect immediately.
- Repeat steps 2-4 for the “res” virtual directory listed underneath “netpub”..