Accessing the URL directly shows the listing:
The response contains the contents of the directory (a directory listing). This means the server allows directory listing (generally not recommended).
To fix it, change the server configuration so that directory listings are refused. Edit the HTTP Server configuration, httpd.conf under /opt/ibm/httpserver/conf, where you will see:
#
# Possible values for the Options directive are "None", "All",
# or any combination of:
#   Indexes Includes FollowSymLinks SymLinksIfOwnerMatch ExecCGI MultiViews
#
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.
#
# The Options directive is both complicated and important.  Please see
# for more information.
#
Options Indexes FollowSymLinks   ==> change to: Options FollowSymLinks (simply removing Indexes means directory listing is no longer allowed), or use the minus form: Options -Indexes +FollowSymLinks
#
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
#   Options FileInfo AuthConfig Limit
#
AllowOverride None
#
# Controls who can get stuff from this server.
#
Order allow,deny
Allow from all
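The two edits above behave differently, and httpd.conf usually has several <Directory> blocks that inherit from each other, so it is worth checking the effective result rather than one line. An absolute list such as "Options FollowSymLinks" replaces every inherited option for that directory, while a relative list such as "Options -Indexes +FollowSymLinks" only subtracts and adds; httpd does not accept a single Options line that mixes the two forms, so the minus form must be written all-relative (or simply "Options -Indexes"). The following script is an added example, not code from the original post or from IBM/Apache: it parses a constructed httpd.conf fragment (the paths are modelled on the /opt/ibm/httpserver layout above), merges Options the way httpd does (server scope, then <Directory> sections from shortest matching path to longest), reports for each directory whether Indexes is in effect, and flags blocks whose AllowOverride would let a .htaccess file switch listing back on. The server-wide default of "All" is an assumption matching Apache 2.2 / IBM HTTP Server; Apache 2.4 defaults to FollowSymLinks, which can be passed as default=.

```python
"""Audit an Apache / IBM HTTP Server httpd.conf for directory listing (Indexes).

Added example; not from the original post or from IBM/Apache. Models Options
as the httpd core docs describe it: absolute lists replace the inherited set,
relative (+/-) lists adjust it, "All" is everything except MultiViews, "None"
clears it, mixing the two forms is invalid, and <Directory> sections merge
from the shortest matching path to the longest.
Assumption: server-wide default is "All" (Apache 2.2 / IHS); 2.4 uses FollowSymLinks.
"""
import re
from dataclasses import dataclass, field

ALL_OPTIONS = frozenset({"indexes", "includes", "followsymlinks",
                         "symlinksifownermatch", "execcgi"})


class ConfigError(ValueError):
    """Raised for an Options line httpd would reject or misinterpret."""


@dataclass
class DirectoryBlock:
    path: str
    options: list = field(default_factory=list)         # token lists, file order
    allow_override: list = field(default_factory=list)


def apply_options(current, tokens):
    """Apply one Options directive's arguments to an inherited option set."""
    relative = [t for t in tokens if t[0] in "+-"]
    if relative and len(relative) != len(tokens):
        raise ConfigError("mixed relative/absolute Options: " + " ".join(tokens))
    result = set(current) if relative else set()        # absolute form starts empty
    for tok in tokens:
        sign, name = (tok[0], tok[1:].lower()) if relative else ("+", tok.lower())
        names = ALL_OPTIONS if name == "all" else set() if name == "none" else {name}
        result = result | names if sign == "+" else result - names
    return result


def options_syntax_ok(tokens):
    """True if httpd would accept these arguments as one Options directive."""
    try:
        apply_options(set(), tokens)
        return True
    except ConfigError:
        return False


def parse_httpd_conf(text):
    """Collect server-scope Options and each <Directory> block's directives."""
    server_options, blocks, stack = [], [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):            # httpd comments are whole lines
            continue
        opened = re.match(r'<Directory\s+"?([^">]+?)"?\s*>', line, re.I)
        if opened:
            block = DirectoryBlock(path=opened.group(1).rstrip("/") or "/")
            blocks.append(block)
            stack.append(block)
            continue
        if re.match(r"</Directory\s*>", line, re.I):
            if stack:
                stack.pop()
            continue
        tokens = line.split()
        if tokens[0].lower() == "options":
            (stack[-1].options if stack else server_options).append(tokens[1:])
        elif tokens[0].lower() == "allowoverride" and stack:
            stack[-1].allow_override = [t.lower() for t in tokens[1:]]
    return server_options, blocks


def effective_options(server_options, blocks, path, default=ALL_OPTIONS):
    """Merge like httpd: server scope, then every <Directory> whose path
    contains `path`, shortest first, ending with the block for `path` itself."""
    opts = set(default)
    for tokens in server_options:
        opts = apply_options(opts, tokens)
    ancestors = [b for b in blocks
                 if path == b.path or path.startswith(b.path.rstrip("/") + "/")]
    for block in sorted(ancestors, key=lambda b: len(b.path)):
        for tokens in block.options:
            opts = apply_options(opts, tokens)
    return opts


def audit(text, default=ALL_OPTIONS):
    """Per <Directory> path: is listing on, and could a .htaccess turn it on?
    (Only the block's own AllowOverride is consulted; a simplification.)"""
    server_options, blocks = parse_httpd_conf(text)
    report = {}
    for block in blocks:
        opts = effective_options(server_options, blocks, block.path, default)
        report[block.path] = {
            "indexes": "indexes" in opts,
            "htaccess_can_enable": any(k in ("all", "options") for k in block.allow_override),
        }
    return report


# Constructed sample in the style of IBM HTTP Server's httpd.conf (not a real file).
SAMPLE_CONF = """\
<Directory />
    Options FollowSymLinks
    AllowOverride None
</Directory>
<Directory "/opt/ibm/httpserver/htdocs">
    Options Indexes FollowSymLinks
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>
<Directory "/opt/ibm/httpserver/htdocs/reports">
    Options -Indexes +FollowSymLinks
    AllowOverride Options
</Directory>
"""

if __name__ == "__main__":
    for path, finding in audit(SAMPLE_CONF).items():
        print(path, "listing ON" if finding["indexes"] else "listing off",
              "(.htaccess may re-enable)" if finding["htaccess_can_enable"] else "")
```

Run it against a copy of the real httpd.conf (read the file into the `text` argument of audit) before and after the edit, then restart the server and confirm with a request for a directory URL that has no index file, e.g. curl -I against it: the expected response is 403 Forbidden instead of the 200 page with the listing. Any block the report flags with "htaccess_can_enable" should have its AllowOverride tightened as well, since "AllowOverride None" is what keeps a stray .htaccess from re-enabling Indexes.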