A directory is unprotected.

A directory is unprotected.

by Mario Gharib -
Number of replies: 2
Dear Moodlers,

Our security team have recently informed us that the following Moodle directory 'admin/tool' is unprotected, any idea why ? Shouldn't this directory be protected like all other directories ? 
Average of ratings: -
In reply to Mario Gharib

Re: A directory is unprotected.

by Paul Holden -
Picture of Core developers Picture of Moodle HQ Picture of Moodle Workplace team Picture of Particularly helpful Moodlers Picture of Peer reviewers Picture of Plugin developers Picture of Testers
Hi Mario,

What security issue do they say this creates? Do the contents differ from https://github.com/moodle/moodle/tree/master/admin/tool ? Which other directories have you protected?

It's likely you just need to disable DirectoryIndex on your site/webserver (assuming Apache, although there will be similar configuration for IIS, Nginx, etc)
Average of ratings: -
In reply to Mario Gharib

Re: A directory is unprotected.

by Brett Dalton -
Picture of Moodle HQ Picture of Particularly helpful Moodlers
As Paul has indicated this is most likely a file system/web server configuration issue rather than a Moodle issue
Average of ratings: -