Disable directory listing

prayank · September 20, 2020, 5:48am

Some of the results for this Google dork are files associated with websites:

inurl:ipfs.io/ipfs intext:"index of"

Also observed it’s not just ipfs.io but the website domain and other gateways (infura, cloudflare and pinata) also has a similar link which lists few directories which may contain information helpful for an attacker

Is it okay to list few directories which can be listed as described above for a website using IPFS or there are best practices to avoid/disable it?

d09327fe · September 20, 2020, 9:02am

AFAIK, this is intended behavior, since ipfs directory objects contains the list of files within in, so it’s impossible to hide an ipfs directory object’s file list. therefore it’s not an extra attack surface to have an index page of them. and what would an attacker hurt? there are no server side programs involved, no cgi, so they can not “hack” anyone’s internal infrastructure.

Topic		Replies	Views
Ipfs/dir-index-html Help	1	242	December 29, 2020
Ipfs file listing	1	367	November 12, 2019
IPFS automatically generated a directory names ipfs	3	347	December 18, 2021
Understanding IPFS directories Help	4	6575	March 3, 2018
Ipfs.io is being used in email phishing News	2	284	September 27, 2023

Disable directory listing

Related topics