Penetration Testing mailing list archives
Directory enumeration through 403 status code -- the fix?
From: mb-uk <mark () beynonmail co uk>
Date: Thu, 10 Jul 2008 01:19:58 -0700 (PDT)
I am reviewing a pen test report, and issue to be looked at is directory enumeration on a web server via 403 status codes. I have looked into how to fix this, and the only options I can find are custom ISAPI filters on the ISS server, or content manipulation on the layer 7 loadbalancers (ideally like to avoid this). I have implemented custom error messages to visually remove the symptons, but the 403 status code persists. Can any one advise of alternatives, or any pointers to ISAPI filters? Appreciate your input. Thanks! -- View this message in context: http://www.nabble.com/Directory-enumeration-through-403-status-code----the-fix--tp18377628p18377628.html Sent from the Penetration Testing mailing list archive at Nabble.com. ------------------------------------------------------------------------ This list is sponsored by: Cenzic Top 5 Common Mistakes in Securing Web Applications Get 45 Min Video and PPT Slides www.cenzic.com/landing/securityfocus/hackinar ------------------------------------------------------------------------
Current thread:
- Directory enumeration through 403 status code -- the fix? mb-uk (Jul 10)