diff --git a/product/ERP5Type/Base.py b/product/ERP5Type/Base.py
index 8fd7c131522d6a9b2de2727a64f3e78f11131555..13b4e1f6674e3d26adfb8b2b699770610bc8f6e1 100644
--- a/product/ERP5Type/Base.py
+++ b/product/ERP5Type/Base.py
@@ -2844,15 +2844,16 @@ class Base( CopyContainer,
     """
     Tells whether this document is indexable, taking into account its entire
     ancestry: a document may only be indexed if its parent is indexable, and
-    it's parent's parent, etc until ERP5Site object (inclusive).
-    """
-    node = self.aq_inner
-    portal = aq_base(self.getPortalObject())
-    is_indexable = self.isIndexable
-    while is_indexable and aq_base(node) is not portal:
-      node = node.aq_parent
-      is_indexable = node.isSubtreeIndexable()
-    return is_indexable
+    its parent's parent, etc until ERP5Site object (inclusive).
+    """
+    if self.isIndexable:
+      node = self.aq_inner.aq_parent
+      portal = aq_base(node.getPortalObject())
+      while node.isSubtreeIndexable():
+        if aq_base(node) is portal:
+          return True
+        node = node.aq_parent
+    return False
 
   security.declarePrivate('immediateReindexObject')
   def immediateReindexObject(self, *args, **kw):
diff --git a/product/ERP5Type/Core/Folder.py b/product/ERP5Type/Core/Folder.py
index 4dd4d169bf3c76d7a49ef4d64e62811a3e1b891e..a3d479b096be37f3cf26fd8054253a3140bc3a1f 100644
--- a/product/ERP5Type/Core/Folder.py
+++ b/product/ERP5Type/Core/Folder.py
@@ -1304,7 +1304,19 @@ class Folder(OFSFolder2, CMFBTreeFolder, CMFHBTreeFolder, Base, FolderMixIn):
     )(*args, **kw)
 
   security.declarePublic('recursiveReindexObject')
-  def recursiveReindexObject(self, activate_kw=None, **kw):
+  def recursiveReindexObject(self, activate_kw=None, REQUEST=None, **kw):
+    """Recursively indexes the content of self.
+    """
+    if REQUEST is not None:
+      # Being able to trigger recursive reindexation from URL is convenient
+      # when administrating an ERP5 instance. However, appropriate security
+      # is important to prevent DoS on big objects (in number of subobjects),
+      # i.e. modules. For consistency, we check the same permission as for
+      # reindexObjectSecurity. A normal user is usually not allowed to modify
+      # a module (only add/delete subobjects).
+      if not getSecurityManager().checkPermission(
+          Permissions.ModifyPortalContent, self):
+        raise AccessControl_Unauthorized
     if self.isAncestryIndexable():
       kw, activate_kw = self._getReindexAndActivateParameterDict(
         kw,