Disable directory listing in IIS7

By | February 22, 2013

Today’s business fundamental is to have everything stored in secure manner. CRM is not out of this. It holds most important customer data and statistics which must not be given up due to loose security. Hence most of the organizations implement SSL on CRM servers to authorize the access to the site and ensure that the valid users are accessing it.
You know CRM can be accessed with URL somewhat like http:// <Domain Name> /<CRM Instance Name>/eware.dll/go.  Here is the standard login screen which comes up.

Now as a curiosity I want to dig dipper through this URL. I typed below URL and my god entire directory of custom pages was displayed.
http://<Domain Name >/ <CRM Instance>/CustomPages/

Now if I would have had any file in there with important credentials or something they were open for the theft. Well, the scenario is how you can avoid this directory listing. It’s pretty simple job. I will illustrate the same for IIS7.

  1. Go to RUN
  2. Type inetmgr and click Enter to open IIS console
  3. Select CRM Directory under      Default website.
  4. In the right hand side      panel double click on the “Directory      Browsing “ option
  5. Click on the Disable button

Now after apply above settings if I will try and access the above mentioned URL I will get the “Directory Listing Denied” error.