Last edited:
Hi there.
I have DS120j. Installed WEB Station, Apache 2.4 and PHP 7.2. All up-to-date as of 15.12.2020.
Although WEB Directory browsing is disabled by default (cannot list directories under /web/* - directory under my control), if I enter mysite/icons/ OR mysite /icons/small/ I get following response:
Is there ANY way to prevent this listing ?
CyberSec company execued a PEN SCAN and voila - SEVERE vulnerability.
Another question - what are the needed steps/tutorial to include X-Frame-Options DENY header in the Apache response ? This was rated as MEDIUM vulnerability.
All modifications should be permanent, so restart of my NAS won't overwrite these settings with it's defaults.
I have DS120j. Installed WEB Station, Apache 2.4 and PHP 7.2. All up-to-date as of 15.12.2020.
Although WEB Directory browsing is disabled by default (cannot list directories under /web/* - directory under my control), if I enter mysite/icons/ OR mysite /icons/small/ I get following response:
Is there ANY way to prevent this listing ?
CyberSec company execued a PEN SCAN and voila - SEVERE vulnerability.
Another question - what are the needed steps/tutorial to include X-Frame-Options DENY header in the Apache response ? This was rated as MEDIUM vulnerability.
All modifications should be permanent, so restart of my NAS won't overwrite these settings with it's defaults.
