https://redmine.lighttpd.net/https://redmine.lighttpd.net/favicon.ico?13667327412021-06-08T19:29:43Zlighty labsLighttpd - Feature #3085: Make dir listing error from 403 to 404 (or configureable over Config file)https://redmine.lighttpd.net/issues/3085?journal_id=124862021-06-08T19:29:43Zgstrauss
<ul><li><strong>Status</strong> changed from <i>New</i> to <i>Invalid</i></li></ul><blockquote>
<p>Due to some security issues detected by Nexus Scan, it would be good if the directories which are not allowed to be listed return 404 instead of 403.</p>
</blockquote>
<p>No details provided to back up your statements. No references.<br />Therefore, your statement is not credible. "it would be good if" is a laughable and unsubstantiated statement from you.</p>
<p>Also, if you review your post history on this site, you tend to post before reading documentation: <a class="wiki-page" href="https://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_ConfigurationOptions">Docs_ConfigurationOptions</a></p>
<p>lighttpd provides at least four different ways for you to control how errors documents are served.<br /><code>server.error-handler</code><br /><code>server.error-handler-404</code><br /><a class="wiki-page" href="https://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_ModMagnet">mod_magnet</a> <code>magnet.attract-response-start-to</code><br />You can also configure lighttpd.conf to deactivate <a class="wiki-page" href="https://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_ModDirListing">mod_dirlisting</a> for forbidden dirs, or to enable <a class="wiki-page" href="https://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_ModDirListing">mod_dirlisting</a> only for allowed dirs.<br />In some situations -- I don't know yours specifically -- you can keep restricted material outside of the web document root, and can use <a class="wiki-page" href="https://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_ModAlias">mod_alias</a> (only if needed) to allow specific access to directory trees outside the web document root.</p>
<p>I henceforth intend to immediately Invalidate any of your posts to the lighttpd issue tracker. Please post in the "Forums" (see tab at top of page), and only after you have tried to find some solution(s) by reading the documentation.</p>