"Default web page" vulnerability is useful to detect unused Web server that are active on a server. Very often, stopping the Web server solves a lot of other vulnerabilities, related to the (useless) Web site.
But very often, there's a necessary Web site, running properly, whose "default web page" is either a redirection or an authentication page.
The flaw is due to misconfiguration of Server, which allows to
access default pages when the server is not used.
Successful exploitation will allow remote attackers to obtain sensitive
information that could aid in further attacks.
Apache
If you are unable to edit your master configuration files, you can use this directive from .htaccess. Just edit the .htaccess file located in your main HTML directory. If you do not have this file, feel free to create it! To change the default page, either edit the existingDirectoryIndex line or add the following: DirectoryIndex index.shtml index.html This will make index.shtml the default page.
IIS
<system.webServer>
<defaultDocument>
<files>
<clear />
<add value="Path of your Page" />
</files>
</defaultDocument>
</system.webServer>
<configuration>
<system.webServer>
<defaultDocument enabled="true">
<files>
<add value="home.html" />
</files>
</defaultDocument>
</system.webServer>
</configuration>
Manually :