Directory Listing - CybseSec vulnerability problem

Currently reading
Directory Listing - CybseSec vulnerability problem

Operating system
  1. Linux
  2. Windows
Mobile operating system
  1. Android
  2. iOS
Last edited:
Hi there.

I have DS120j. Installed WEB Station, Apache 2.4 and PHP 7.2. All up-to-date as of 15.12.2020.

Although WEB Directory browsing is disabled by default (cannot list directories under /web/* - directory under my control), if I enter mysite/icons/ OR mysite /icons/small/ I get following response:


Is there ANY way to prevent this listing ?

CyberSec company execued a PEN SCAN and voila - SEVERE vulnerability.

Another question - what are the needed steps/tutorial to include X-Frame-Options DENY header in the Apache response ? This was rated as MEDIUM vulnerability.

All modifications should be permanent, so restart of my NAS won't overwrite these settings with it's defaults.

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Old thread notice: There have been no replies in this thread for quite some time. The last reply was on .
The content in this thread may no longer be relevant. It might be better to open a new thread instead.

Welcome to! is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!