This post covers website directories that are unprotected, or rather sensitive folder names; in short, several folders in the website system become known to users.
Web Server Misconfiguration: Unprotected Directory ( 10224 )
Summary
IIS/Microsoft product directories were discovered within your web application during a Directory Enumeration scan. Risks associated with an attacker discovering a directory on your application server depend upon what type of directory is discovered, and what types of files are contained within it. The primary threat, other than accessing files containing sensitive information, is that an attacker can utilize the information discovered in that directory to perform other types of attacks. Recommendations include restricting access to important directories or files by adopting a “need to know” requirement for both the document and server root, and turning off features such as Automatic Directory Listings that provide information that could be utilized by an attacker when formulating or conducting an attack.
Remediation
This post mainly uses Hidden Segments to close off website folders. With this approach, a request to the folder's URL gets a 404 response, so the folder is simply not reachable from outside. It therefore suits folders whose files should not be publicly exposed at all, for example extracted appsettings files.
The other situation is files that only authorized users may download. If those folder paths also show up as this weakness, there are two ways to handle it:
- Rename the folder so its contents cannot be guessed at a glance
- Change the program design so that files are served to the user as a data stream through the web application code
IIS configuration
- Select Request Filtering
- Select Hidden Segments
- Click Add Hidden Segment…
- Enter the name to hide
web.config configuration
The configuration is simple, as follows
<system.webServer>
If you also want to configure file extensions, verbs, and high-bit characters, refer to the settings below; each of these is a true or false setting
<system.webServer>
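To make the effect of a hiddenSegments entry concrete, here is an added example (not code from the original post) that parses a constructed web.config fragment and models the IIS Request Filtering rule: a hidden segment matches a whole path segment, case-insensitively, anywhere in the decoded URL path, and a matching request gets 404.8. The folder names App_Data and Config are placeholders, not values from the post.

```python
"""Model which request paths an IIS hiddenSegments setting would block.

Added example, not from the original post. It assumes the documented IIS
behaviour: a hidden segment is compared against each segment of the decoded
request path, case-insensitively, and a match yields HTTP 404.8.
"""
import xml.etree.ElementTree as ET
from urllib.parse import unquote

# Constructed web.config fragment; "App_Data" and "Config" are placeholder
# folder names chosen for this example.
WEB_CONFIG = """<configuration>
  <system.webServer>
    <security>
      <requestFiltering>
        <hiddenSegments>
          <add segment="App_Data" />
          <add segment="Config" />
        </hiddenSegments>
      </requestFiltering>
    </security>
  </system.webServer>
</configuration>"""


def load_hidden_segments(config_xml: str) -> set:
    """Return the hidden segment names declared in a web.config, lower-cased."""
    root = ET.fromstring(config_xml)
    path = "system.webServer/security/requestFiltering/hiddenSegments/add"
    return {el.get("segment").lower() for el in root.findall(path) if el.get("segment")}


def is_blocked(request_path: str, hidden: set) -> bool:
    """True if any decoded path segment equals a hidden segment (case-insensitive)."""
    # Drop the query string, split into segments, decode percent-encoding.
    segments = [unquote(s).lower() for s in request_path.split("?", 1)[0].split("/") if s]
    return any(seg in hidden for seg in segments)


def expected_status(request_path: str, hidden: set) -> str:
    """404.8 (Hidden Namespace) for a blocked path, otherwise 200."""
    return "404.8" if is_blocked(request_path, hidden) else "200"


if __name__ == "__main__":
    hidden = load_hidden_segments(WEB_CONFIG)
    for p in ["/App_Data/appsettings.json", "/config/db.xml", "/Configuration/x", "/images/logo.png"]:
        print(p, "->", expected_status(p, hidden))
```

Note that a partial name such as /Configuration/ is not blocked by the segment "Config"; only whole path segments match.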
Result
After the configuration is complete, the page returns 404.8