Is it possible to get a list of files under a directory of a website? How?

webserver
morpheus picture morpheus · Oct 24, 2010 · Viewed 442.1k times · Source

Say I have a website www.abc.com. Under the website directory there is a page secret.html. It can be accessed directly like www.abc.com/secret.html, but there are no pages that link to it. Is it possible to discover this page, or will it remain hidden from outside world?

Answer

nsanders picture nsanders · Oct 24, 2010

If you have directory listing disabled in your webserver, then the only way somebody will find it is by guessing or by finding a link to it.

That said, I've seen hacking scripts attempt to "guess" a whole bunch of these common names. "secret.html" would probably be in such a guess list.

The more reasonable solution is to restrict access using a username/password via a htaccess file (for apache) or the equivalent setting for whatever webserver you're using.

Related questions

Using node.js as a simple web server

I want to run a very simple HTTP server. Every GET request to example.com should get index.html served to it but as a regular HTML page (i.e., same experience as when you read normal web pages). Using …

Read More
What is the difference between application server and web server?

What is the difference between application server and web server?

Read More
ssl_error_rx_record_too_long and Apache SSL

I've got a customer trying to access one of my sites, and they keep getting this error > ssl_error_rx_record_too_long They're getting this error on all browsers, all platforms. I can't reproduce the problem at all. …

Read More