What is it?

• Directory listing is a feature that lists the directories contents when there is no index file
• This is an information leakage issue, and the attackers can use such information to craft other attacks.

how to disable it?

• Configure your web server to prevent directory listings for all paths beneath the web root
• Place into each directory a default file (such as index.htm) that the web server will display instead of returning a directory listing.

Reference

• https://portswigger.net/kb/issues/00600100_directory-listing
• https://www.acunetix.com/blog/articles/directory-listing-information-disclosure/
• https://www.netsparker.com/blog/web-security/disable-directory-listing-web-servers/