Should the Uploads directories be browsable?

Emediate · April 22, 2022

A member pointed this out to me this morning and it's not something I had come across or considered before.

Our /forums/uploads directory is browsable - along with the corresponding monthly subdirectories which are created by IPS.

I wouldn't have thought it an issue, until the same member suggested that some of these images often contain sensitive information such as bank transfer details or account information.

Is this a bug, or expected functionality?

teraßyte · April 22, 2022

Usually an empty index.html file is created inside those folder so that nobody can browse them for files.

Also, you should be able to block this at the server level. It depends on your hosting/server config/etc though.

Marc · April 22, 2022

As mentioned, there should be an index.html file in each, that would stop them being browsable. Please check that first of all. If there is one present and you are still able to browse the folder, you need to contact your hosting company as they are not processing index.html as a default page for directories

Emediate · April 22, 2022

Thanks all. I know where to look now 🙂

Cheers.

Invision Community 4: SEO, prepare for v5 and dormant account notifications

Invision Community 5: Beta testing and latest updates

Invision Community 4: A more professional report center

Invision Community 5: A video walkthrough creating a custom theme and homepage

Should the Uploads directories be browsable?

Recommended Posts

Emediate

teraßyte

Marc

Emediate

Recently Browsing 0 members

More