    location / { autoindex off; }

Disable directory browsing in feature settings.

2. Set Correct Document Root

Never set your web root to /. Use /var/www/html or a specific non-system directory.

3. Restrict Web Server Permissions

Run the web server as a non-privileged user (e.g., www-data, nginx). Ensure this user has no read access to /dev beyond what is necessary (e.g., /dev/urandom for PHP sessions, but not raw devices). Use filesystem ACLs or chmod to block access.

4. Scan for Exposed Directories

Use tools like gobuster, dirb, or nmap http-enum to scan your own server for hidden index listings. Also, search your domain on Google using:

    site:example.com intitle:"index of" "dev"

5. Use robots.txt (Not a Security Measure, but a Cleanup Step)

Disallow crawling of sensitive paths:
This indicates that a web server is exposing the contents of a directory named d inside a directory named dev relative to its web root (e.g., http://example.com/dev/d/). This is not standard behavior. Linux systems have a /dev/ directory, but it is never (or should never be) served directly over HTTP.
Apache:

    <Directory /var/www/html>
        Options -Indexes
        AllowOverride None
    </Directory>

Nginx: Ensure autoindex is off (default is off):

    location / { autoindex off; }
Index of /dev/d

    [ICO]  Name  Last modified  Size  Description
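An added example, not part of the original page: a check to run over response bodies fetched from your own server, recognizing auto-generated listings such as the "Index of /dev/d" page and flagging paths that mirror a system directory (the sign of a web root set to /). The SYSTEM_DIRS watch list, the function and class names, and the sample HTML are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

SYSTEM_DIRS = {"dev", "etc", "proc", "sys"}  # assumed watch list, extend as needed
INDEX_RE = re.compile(r"\s*Index of\s+(/\S*)", re.I)

class _Page(HTMLParser):
    """Collect <title>/<h1> text and every link target."""
    def __init__(self):
        super().__init__()
        self.text = {"title": "", "h1": ""}
        self.hrefs, self._in = [], None
    def handle_starttag(self, tag, attrs):
        if tag in self.text:
            self._in = tag
        elif tag == "a" and dict(attrs).get("href"):
            self.hrefs.append(dict(attrs)["href"])
    def handle_endtag(self, tag):
        if tag == self._in:
            self._in = None
    def handle_data(self, data):
        if self._in:
            self.text[self._in] += data

def classify_listing(body):
    """Return None for an ordinary page, else details of the auto-index page."""
    page = _Page()
    page.feed(body)
    # Auto-index pages put "Index of <path>" at the start of the title or h1.
    m = INDEX_RE.match(page.text["title"]) or INDEX_RE.match(page.text["h1"])
    if not m:
        return None
    # Skip column-sort links (?C=...) and parent links (/x/ or ../).
    entries = [h for h in page.hrefs if not h.startswith(("?", "/", ".."))]
    top = m.group(1).strip("/").split("/")[0]
    return {"path": m.group(1), "entries": entries,
            "mirrors_system_dir": top in SYSTEM_DIRS}

# Constructed sample bodies (not captured from any real server).
APACHE_STYLE = """<title>Index of /dev/d</title><h1>Index of /dev/d</h1>
<table><tr><th><a href="?C=N;O=D">Name</a></th><th><a href="?C=M;O=A">Last modified</a></th></tr>
<tr><td><a href="/dev/">Parent Directory</a></td></tr>
<tr><td><a href="notes.txt">notes.txt</a></td><td><a href="backup/">backup/</a></td></tr></table>"""
NGINX_STYLE = """<title>Index of /files/</title><h1>Index of /files/</h1><hr><pre>
<a href="../">../</a>
<a href="a.log">a.log</a>   01-Jan-2024 00:00   12
</pre><hr>"""
ARTICLE = "<title>What an Index of /dev/d page means</title><p>Explainer text.</p>"

if __name__ == "__main__":
    for body in (APACHE_STYLE, NGINX_STYLE, ARTICLE):
        print(classify_listing(body))
```

A page that merely mentions "Index of" in its title or text is not reported, because the match is anchored to the start of the title or h1.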