Penetration Testing mailing list archives

Directory enumeration through 403 status code -- the fix?


From: mb-uk <mark () beynonmail co uk>
Date: Thu, 10 Jul 2008 01:19:58 -0700 (PDT)


I am reviewing a pen test report, and an issue to be looked at is directory
enumeration on a web server via 403 status codes.  I have looked into how to
fix this, and the only options I can find are custom ISAPI filters on the
IIS server, or content manipulation on the layer 7 load balancers (ideally
like to avoid this). I have implemented custom error messages to visually
remove the symptoms, but the 403 status code persists.

Can anyone advise of alternatives, or any pointers to ISAPI filters?

Appreciate your input.

Thanks!