How to disable directory browsing using .htaccess – Apache Web Server
Apache web server allow directory browsing by default. It’s always good to disable directory browsing in security aspect. To disable directory browsing in apache web server you need to edit the httpd.conf or .htaccess
Disable directory browsing using .htaccess:-
- Open your .htacces file
- Look for Options Indexes
- If Options Indexes exists modify it to Options -Indexes or else add Options -Indexes as a new line
- The directory browsing feature should be disable by now
Disable directory browsing using httpd.conf:-
- Open your httpd.conf, normally it’s located at /usr/local/apache/conf or /etc/httpd.conf
- Go to your own Virtual Host settings and look for “Options Indexes”
- Change the Indexes to -Indexes if Option Indexes exists or else add the Options -Indexes line
- Restart your apache web server.
- The directory browsing feature should be disable by now
Disable directory browsing in CPanel Share Hosting enviroment:-
- Login to your CPanel
- Click on Index Manager
- Directory will be list down. Click on the directory name which you want to disable the directory browsing
- Select No Index and click Save
- The directory browsing feature should be disable by now
Once you disable directory browsing, visitor will not able to browse your directory by accessing the directory directly (if there is no index.html file). This will protect your files from exposing to the public.
Posted at March 13th, 2007 by chua
If you think this article helps you to solve your problem and clear your headache, feel free to buy me a drink :)
March 29th, 2007 at 11:19 am
Hi,
It’s
Options Indexes
to turn on dir browsing
or
Options -Indexes
to turn off dir browsing
The singular version, with just the word Option, just gave me Invalid command on Apache server restart…
cya,
Shaun
March 29th, 2007 at 11:25 am
thanks Shaun for pointing out my type error.
I’ve corrected it.
Hope others able to get the solution.
November 27th, 2007 at 12:47 am
And how do I do if I want to share a particular directory? Say I want my family abroad to be able to browse my pics folder, how do I set up that? I have the webserver already working with a very simple page, and I doubt the target audience will be successful using FTP, so web browsing comes to mind.
Thanks,
Alejandro
April 7th, 2008 at 8:11 am
nobody knows?
April 7th, 2008 at 8:35 am
hi Alejandro, if u already have webserver then u can just move all your picture to the http accessible directory. If you do not wan to move then u have to configure the document root for the webserver.
April 21st, 2008 at 12:13 pm
thank you
its works
May 30th, 2008 at 11:30 am
[...] apache中,如果一个目录没有index.html,默认会帮你生成一个, 列出目录下所有的文件。如果你不想要这个功能,可以参考这篇文章: How to disable directory browsing using .htaccess – Apache Web Server。 [...]
August 30th, 2008 at 6:04 am
[...] How to disable directory browsing using .htaccess – Apache Web Server。 俺的网站扔在虚拟主机上,改不了apache自己的主配置文件。这样,最简单的办法就是在要禁止文件列表的目录下建立.htaccess文件,然后在里面加入一行: [...]
September 19th, 2008 at 11:59 pm
You need to make a correction.
If Options Indexes exists modify it to Option -Indexes or else add Options -Indexes as a new line
Should be :
If Options Indexes exists modify it to OptionS -Indexes or else add Options -Indexes as a new line
September 20th, 2008 at 5:53 pm
Panos: thanks for the correction. I’ve made the amendment. TQ
October 8th, 2008 at 12:46 am
[...] http://www.techiecorner.com/106/how-to-disable-directory-browsing-using-htaccess-apache-web-server/ [...]