You may also use .htaccess to disable indexing, or Directory Browsing. Automatically, this method is switched on within the server's configuration files. To disable this, add this line for your .htaccess file:
The potential of using relative references isn't a real problem:
which may be addressed directly anyway. For those who have sensitive files inside, you need to move them outdoors the net root, or block your directory listing.
What will be a real issue is when the following works:
which may serve files outdoors the document root. But that won't happen by having an up-to-date web server.
There's 3 steps you can take, varying from least secure to many secure.
- Disable indexes as suggested by @Lizard
- Create a rule within the htaccess file to deny use of folders people aren't permitted to gain access to
- Slowly move the files that should not be utilized outdoors from the DocumentRoot.