Configure IIS to return 404 for directory browse attempts

The solution that worked for us (IIS7):

disable directory browsing => 403
create a default document (default.htm or whatever default file name is configured) => 200
set the default document's file attributes to hidden => 404

If you are using ASP.Net MVC add the following handler into web.config

<system.webServer>
  <handlers>
    <add name="StopDirectoryBrowsing" path="*." resourceType="Directory" verb="*" 
         preCondition="integratedMode" type="System.Web.HttpNotFoundHandler" />
  </handlers>
<system.webServer>

Tags:

Asp.Net

Iis

Related