How to disable directory browsing using .htaccess – Apache Web Server

advertisement

apache web server, apache logo, web server, apache foundationApache web server allow directory browsing by default. It’s always good to disable directory browsing in security aspect. To disable directory browsing in apache web server you need to edit the httpd.conf or .htaccess

Disable directory browsing using .htaccess:-

  • Open your .htacces file
  • Look for Options Indexes
  • If Options Indexes exists modify it to Options -Indexes or else add Options -Indexes as a new line
  • The directory browsing feature should be disable by now

Disable directory browsing using httpd.conf:-

  • Open your httpd.conf, normally it’s located at /usr/local/apache/conf or /etc/httpd.conf
  • Go to your own Virtual Host settings and look for “Options Indexes
  • Change the Indexes to -Indexes if Option Indexes exists or else add the Options -Indexes line
  • Restart your apache web server.
  • The directory browsing feature should be disable by now

Disable directory browsing in CPanel Share Hosting enviroment:-

  • Login to your CPanel
  • Click on Index Manager
  • Directory will be list down. Click on the directory name which you want to disable the directory browsing
  • Select No Index and click Save
  • The directory browsing feature should be disable by now

Once you disable directory browsing, visitor will not able to browse your directory by accessing the directory directly (if there is no index.html file). This will protect your files from exposing to the public.

Technorati Tags: , , , , , ,

Related posts:

Speed Up and Save Your Website Bandwidth with GZip Compression
The Common Internet Error Code
Block IP from accessing website using .htaccess
How to install LAMP (Apache, PHP and MySQL in Linux) using Yum
How to solve ".htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable&quo...
How to send email from different address in Gmail
How to remove apache test page in CentOS
WordPress: add javascript event after widget save






26 Responses to “How to disable directory browsing using .htaccess – Apache Web Server”

  1. Hero says:

    iam using CODE :

    # disable directory browsing
    Options All -Indexes

    but there is promblem in index google site.
    How to use ?

  2. Maddy says:

    Thanks a lot!!!! you are a life saver..

  3. mike loucas says:

    cool, the .htaccess worked for me!

    I just pasted Options -Indexes into an empty part of my file with out any # symbols. (caus I didn’t know so I tried).

    :) PS. make a back up! lol

  4. Kingsley says:

    Thanks a lot!!!

  5. Hiren Khambhayta says:

    Thanks, it works. Tried and tested successfully.

  6. raven007 says:

    thank you for this i’ve been looking for this code for a while…
    im using linux – centos and its works

    /etc/httpd/conf/httpd.conf
    look/search for:
    Options Indexes FollowSymLinks

    and add/replace with:
    Options -Indexes FollowSymLinks
    then save the httpd.conf

    dont forget to restart apache you can do this in the console:
    service httpd restart

    and your done…

  7. Ricardo says:

    OMFG!!! tHNAK YOU SO MUCH. I tried everything including the .htaccess but i dont have a clue or how to make this work. then i went to cpanel and disabled all directory browsing, as my website will see photos only for members who pay to see them, now its all blocked from public access. Thank you so much. you saved my week, as I have been here struggling for days.

  8. Rocklong says:

    Hi,
    If my web server is iplanet, how can I disable Directory Indexing on my web server?

  9. Carl says:

    Thanks :)
    It was very usefull. For ages I’ve been trying to understand how to it, and there was the “Index Manager” in my cpanel…

    Cheers

  10. Mcneri says:

    This is a very important tip and I have to apply it to my blog immediately. Thank you for posting this.

  11. Nick says:

    Sorry, me being an idiot. It does work. I was adding the custom setting to the VirtualHost and not the .htaccess file.

  12. Nick says:

    On the assumption that the .htaccess setting would override that of httpd.conf I tried setting my httpd.conf to
    Options -Indexes
    and a site’s .htaccess file to
    Options Indexes
    but this failed to make the directories accessible for the site.

    Is it therefore not possible to switch it on on a site per site basis if set to -Indexes in httpd.conf. Or is there another setting required to allow this? I.e. Order deny,allow

  13. nmnoumea says:

    correction post, mistake, see=> Directory “${path}/www” and go to => Options Indexes FollowSymLinks

  14. nmnoumea says:

    Hi, it’s work for me, like this => go to httpd.conf on apache
    see=> =>and go to => Options Indexes FollowSymLinks
    make like this behind -Indexes => Options -Indexes FollowSymLinks

    turn of your apache services and it’s done.
    return on your favorite browser F5
    I hope, i can help you

  15. ramon estrada says:

    Hi.
    En my case i have websphere using ibm http (apache) buy when i put that line in my httpd.conf don’t used and do nothing, i think that websphere jump over httpd.conf and just take the ibm-ext.xml…

  16. chua says:

    Panos: thanks for the correction. I’ve made the amendment. TQ

  17. Panos says:

    You need to make a correction.

    If Options Indexes exists modify it to Option -Indexes or else add Options -Indexes as a new line

    Should be :

    If Options Indexes exists modify it to OptionS -Indexes or else add Options -Indexes as a new line

  18. [...]  How to disable directory browsing using .htaccess – Apache Web Server。 俺的网站扔在虚拟主机上,改不了apache自己的主配置文件。这样,最简单的办法就是在要禁止文件列表的目录下建立.htaccess文件,然后在里面加入一行: [...]

  19. [...] apache中,如果一个目录没有index.html,默认会帮你生成一个, 列出目录下所有的文件。如果你不想要这个功能,可以参考这篇文章: How to disable directory browsing using .htaccess – Apache Web Server。 [...]

  20. Nitin Malla says:

    thank you
    its works

  21. SoGua says:

    hi Alejandro, if u already have webserver then u can just move all your picture to the http accessible directory. If you do not wan to move then u have to configure the document root for the webserver.

  22. Alejandro says:

    nobody knows?

  23. Alejandro says:

    And how do I do if I want to share a particular directory? Say I want my family abroad to be able to browse my pics folder, how do I set up that? I have the webserver already working with a very simple page, and I doubt the target audience will be successful using FTP, so web browsing comes to mind.

    Thanks,
    Alejandro

  24. SoGua says:

    thanks Shaun for pointing out my type error.
    I’ve corrected it.
    Hope others able to get the solution.

  25. Shaun says:

    Hi,

    It’s
    Options Indexes
    to turn on dir browsing
    or
    Options -Indexes
    to turn off dir browsing
    The singular version, with just the word Option, just gave me Invalid command on Apache server restart…

    cya,
    Shaun

Leave a Reply