DOMAIN DEFAULT SECURITY
[POLICY] > (Select Domain Group) > [Policy Settings] > DOMAIN POLICY > [DOMAIN DEFAULT SECURITY]
This policy identifies and restricts abnormal request types entering the web server.
It supports settings for 4 items: File Extension Forgery, Abnormal Image Request, Directory Listing, and Method Confusion.
After changing the settings, you must click the [SAVE] button to apply the policy, and the change history will be recorded in the audit log.

| Item | Description |
|---|---|
| File Extension Forgery | Detects when the extension of an uploaded file does not match the actual file header information. This prevents attackers from disguising executable files (.exe, .jsp, etc.) as image files (.jpg, .gif) and uploading them. (Currently operates only for image file formats.) |
| Abnormal Image Request | Detects direct calls to images without visiting a normal web page, or image requests containing abnormal headers. |
| Directory Listing | Detects attempts to exploit the 'Directory Listing' vulnerability to view the server's file list. |
| Method Confusion | Detects requests that violate HTTP method specifications:<br>• When a GET request contains Body data or a Content-Length header<br>• When a POST request contains a QueryString |
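
The File Extension Forgery item compares the extension a file is uploaded with against the file's header. The following Python code is an added example, not DeepFinder's own implementation, showing that comparison for common image formats; the function names, the signature table and the sample uploads are assumptions constructed for illustration.

```python
import os

# Well-known leading-byte signatures ("magic numbers") for common image formats.
SIGNATURES = {
    "jpeg": (b"\xff\xd8\xff",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "gif": (b"GIF87a", b"GIF89a"),
    "bmp": (b"BM",),
}
# Extensions in scope, mapped to the format their header must show.
EXT_TO_FORMAT = {".jpg": "jpeg", ".jpeg": "jpeg", ".png": "png",
                 ".gif": "gif", ".bmp": "bmp"}


def sniff_format(data: bytes):
    """Return the image format whose signature starts `data`, or None."""
    for fmt, sigs in SIGNATURES.items():
        if data.startswith(sigs):
            return fmt
    return None


def check_upload(filename: str, data: bytes) -> str:
    """Return 'ok', 'forged', or 'out_of_scope' for one uploaded file."""
    # Only the final extension decides what the file claims to be,
    # so "report.jsp.jpg" is treated as a JPEG claim.
    ext = os.path.splitext(filename)[1].lower()
    expected = EXT_TO_FORMAT.get(ext)
    if expected is None:
        return "out_of_scope"  # not an image extension; this check does not apply
    return "ok" if sniff_format(data) == expected else "forged"


# Constructed sample uploads (leading bytes only, not real files).
SAMPLES = [
    ("photo.JPG", b"\xff\xd8\xff\xe0\x00\x10JFIF\x00"),  # JPEG header
    ("avatar.jpg", b"MZ\x90\x00\x03\x00\x00\x00"),       # PE executable header
    ("banner.gif", b'<%@ page language="java" %>'),     # JSP source text
    ("logo.png", b"GIF89a\x01\x00\x01\x00"),            # GIF declared as PNG
    ("notes.txt", b"plain text"),                       # non-image extension
]

if __name__ == "__main__":
    for name, body in SAMPLES:
        print(f"{name:12} -> {check_upload(name, body)}")
```
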
Note
Directory Listing Vulnerability
If the web server's directory indexing function is enabled, the server's file and directory structure may be exposed directly through the browser. Attackers can use this to understand the structure of the web application or steal sensitive configuration files.
While DeepFinder can block such access, the most fundamental solution is to disable the indexing feature in the web server (Apache, IIS, Nginx, etc.) configuration.