Directory Listing

What It Means

This request attempted to list the files in a directory of your application.

Why It Matters

Directory listing attacks try to expose the structure and contents of your application’s file system. Attackers use this technique to discover sensitive files like .git directories, .env files with secrets, database backups, or previously uploaded backdoors that they can then exploit.

Common Triggers

Requests targeting directory paths without a specific filename, or requests using special characters and path traversal techniques designed to trigger the web server’s directory listing functionality.

What To Do

These blocks are protecting sensitive files from being discovered. They are safe to leave in place. If your application legitimately serves directory listings to users (uncommon for most web applications), use Path Allowlisting to exempt those specific paths.