iis owasp directory-browsing

Directory browsing disabled in IIS, however application log files were disclosed within the ‘log’ folder


I set Directory Browsing to false in IIS. After that, it is not possible to list files in directories on the website. It works! However, I can still browse to a file path through the HTTP link. The example screenshot below shows that sensitive information such as application logs was disclosed within the ‘log’ folder through directory listing of the web server.


How do I disable file browsing as well?


Solution

  • You can set permissions for these files so that users don’t have access. Click on your website under Sites, right-click and switch to Content View; there you can see your website's documents and then edit the permissions for the file. You can directly select the Hidden option in the attributes. In this way, the visiting user will not be able to see it.
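
The permission and attribute changes described in the answer above can also be scripted and then checked with a request. This is an added example, not part of the original answer. The folder path and test URL are placeholders, and it assumes anonymous requests run as the built-in IUSR account (the IIS default) while the application writes its logs under the application pool identity.

```powershell
# Added example (not from the original post). Run in an elevated session.
# Placeholders: adjust to your own site before use.
$LogDir  = 'C:\inetpub\wwwroot\MySite\log'   # placeholder content path
$TestUrl = 'http://localhost/log/app.log'    # placeholder URL of a known log file

# 1. Deny read access for the anonymous web user on the folder and everything
#    below it. The application pool identity is not touched, so the application
#    can keep writing its logs (assumption: logs are written by that identity).
$acl  = Get-Acl -Path $LogDir
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
    'NT AUTHORITY\IUSR',
    'ReadAndExecute',
    'ContainerInherit,ObjectInherit',
    'None',
    'Deny')
$acl.AddAccessRule($rule)
Set-Acl -Path $LogDir -AclObject $acl

# 2. Set the Hidden attribute on the existing log files, as the answer suggests.
#    Files created later do not inherit this attribute, so the ACL above is
#    what protects new log files.
Get-ChildItem -Path $LogDir -File -Recurse | ForEach-Object {
    $_.Attributes = $_.Attributes -bor [System.IO.FileAttributes]::Hidden
}

# 3. Verify from the client side: the direct link must no longer return the file.
try {
    $resp = Invoke-WebRequest -Uri $TestUrl -UseBasicParsing
    Write-Warning "Still served: HTTP $($resp.StatusCode) for $TestUrl"
}
catch {
    $response = $_.Exception.Response
    if ($null -ne $response) {
        Write-Output "Blocked: HTTP $([int]$response.StatusCode) for $TestUrl"
    }
    else {
        # No HTTP response at all (site stopped, wrong host name, and so on).
        Write-Warning "No HTTP response for ${TestUrl}: $($_.Exception.Message)"
    }
}
```

If anonymous authentication on the site is configured to use the application pool identity instead of IUSR, the deny rule in step 1 does not apply to web requests and the account name has to be changed accordingly.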