Open IIS Manager, select the directory, double-click "Directory Browsing," and select "Disabled" in the Actions pane.
Penetration testers and malicious actors actively query Google for intitle:"index of" "view.shtml". Here is a typical attack flow: index of view.shtml
A malicious researcher can find vulnerable sites using queries like: This search returns every publicly indexed server with
intitle:"index of" "view.shtml"
This search returns every publicly indexed server with an exposed view.shtml directory. Open IIS Manager
If an attacker attempted a directory traversal attack (../../view.shtml/) and the server responded with an index listing, it confirms that SSI execution is possible outside the web root—a severe vulnerability.