If we found that the web.config file found on port 80.
What are the remediation steps?
Application is in PHP 5.3.9- Drupal 7.
The QID states this workaround:Customers are advised to prevent public access of the web.config file by applying appropriate security restrictions.
I think this is a correct recommendation, but I apologize if you already saw this and are looking for more detail.
Thanks for the help. Actually we need help for the recommended security restrictions to be applied on the web,config file.
When we check its showing Rull 644 is applied on the file.How can we make web.config file more hard to exposed.
Hello Robert, Can you help for the recommended security restrictions to be applied on the web,config file.
Permissions to block access..
Avoid directory indexing.
protect the config folder.
May be try this or something similar
sudo vim /etc/apache2/sites-available/default
and then, restart the apache service.
service apache2 restart
Since its Drupal, advice is to also look at Drupal documentation to do it.
Retrieving data ...