Apache web server allow directory browsing by default. It’s always good to disable directory browsing in security aspect. To disable directory browsing in apache web server you need to edit the httpd.conf or .htaccess
Advertisements
Disable directory browsing using .htaccess:-
- Open your .htacces file
- Look for Options Indexes
- If Options Indexes exists modify it to Options -Indexes or else add Options -Indexes as a new line
- The directory browsing feature should be disable by now
Disable directory browsing using httpd.conf:-
- Open your httpd.conf, normally it’s located at /usr/local/apache/conf or /etc/httpd.conf
- Go to your own Virtual Host settings and look for “Options Indexes”
- Change the Indexes to -Indexes if Option Indexes exists or else add the Options -Indexes line
- Restart your apache web server.
- The directory browsing feature should be disable by now
Disable directory browsing in CPanel Share Hosting enviroment:-
- Login to your CPanel
- Click on Index Manager
- Directory will be list down. Click on the directory name which you want to disable the directory browsing
- Select No Index and click Save
- The directory browsing feature should be disable by now
Once you disable directory browsing, visitor will not able to browse your directory by accessing the directory directly (if there is no index.html file). This will protect your files from exposing to the public.
[tags]disable directory browsing, disable folder browsing, apache server disable directory browisng, directory browsing, web server configuration, apache server configuration, cpanel disable directory browsing[/tags]
Related posts:
How to update Mail Server Settings in Outlook 2016
Bootstrap 3: how to use media queries
Fckeditor - File Manager Session Problem in IE7
How to avoid duplicate content using .htaccess
15GB of Online Cloud Storage for FREE!
Symfony: PHP Fatal error: Call to a member function setData()
Prestashop 1.5 - How to enable add to cart button at Home Featured Product?
How to remove Yahoo connections?
Share this with your friends:-
you can try to block the file from being access. Here’s an example:-
http://www.techiecorner.com/103/how-to-block-log-file-in-htaccess/
http://www.techiecorner.com/1245/how-to-block-access-to-certain-file-types-using-htaccess/
I want don’t to index robots.txt, sitemap.xml and some specific pages. Will you tell me, how can I do it through htaccess? Any suggestion will be appreciated; thanks in advance.
iam using CODE :
# disable directory browsing
Options All -Indexes
but there is promblem in index google site.
How to use ?
Thanks a lot!!!! you are a life saver..
cool, the .htaccess worked for me!
I just pasted Options -Indexes into an empty part of my file with out any # symbols. (caus I didn’t know so I tried).
🙂 PS. make a back up! lol
Thanks a lot!!!
Thanks, it works. Tried and tested successfully.
thank you for this i’ve been looking for this code for a while…
im using linux – centos and its works
/etc/httpd/conf/httpd.conf
look/search for:
Options Indexes FollowSymLinks
and add/replace with:
Options -Indexes FollowSymLinks
then save the httpd.conf
dont forget to restart apache you can do this in the console:
service httpd restart
and your done…
OMFG!!! tHNAK YOU SO MUCH. I tried everything including the .htaccess but i dont have a clue or how to make this work. then i went to cpanel and disabled all directory browsing, as my website will see photos only for members who pay to see them, now its all blocked from public access. Thank you so much. you saved my week, as I have been here struggling for days.
Hi,
If my web server is iplanet, how can I disable Directory Indexing on my web server?
Thanks 🙂
It was very usefull. For ages I’ve been trying to understand how to it, and there was the “Index Manager” in my cpanel…
Cheers
This is a very important tip and I have to apply it to my blog immediately. Thank you for posting this.
Sorry, me being an idiot. It does work. I was adding the custom setting to the VirtualHost and not the .htaccess file.
On the assumption that the .htaccess setting would override that of httpd.conf I tried setting my httpd.conf to
Options -Indexes
and a site’s .htaccess file to
Options Indexes
but this failed to make the directories accessible for the site.
Is it therefore not possible to switch it on on a site per site basis if set to -Indexes in httpd.conf. Or is there another setting required to allow this? I.e. Order deny,allow
correction post, mistake, see=> Directory “${path}/www” and go to => Options Indexes FollowSymLinks
Hi, it’s work for me, like this => go to httpd.conf on apache
see=> =>and go to => Options Indexes FollowSymLinks
make like this behind -Indexes => Options -Indexes FollowSymLinks
turn of your apache services and it’s done.
return on your favorite browser F5
I hope, i can help you
Hi.
En my case i have websphere using ibm http (apache) buy when i put that line in my httpd.conf don’t used and do nothing, i think that websphere jump over httpd.conf and just take the ibm-ext.xml…
[…] http://www.techiecorner.com/106/how-to-disable-directory-browsing-using-htaccess-apache-web-server/ […]
Panos: thanks for the correction. I’ve made the amendment. TQ
You need to make a correction.
If Options Indexes exists modify it to Option -Indexes or else add Options -Indexes as a new line
Should be :
If Options Indexes exists modify it to OptionS -Indexes or else add Options -Indexes as a new line
[…] How to disable directory browsing using .htaccess – Apache Web Server。 俺的网站扔在虚拟主机上,改ä¸äº†apache自己的主é…ç½®æ–‡ä»¶ã€‚è¿™æ ·ï¼Œæœ€ç®€å•çš„办法就是在è¦ç¦æ¢æ–‡ä»¶åˆ—表的目录下建立.htaccess文件,然åŽåœ¨é‡Œé¢åŠ 入一行: […]
[…] apacheä¸ï¼Œå¦‚果一个目录没有index.htmlï¼Œé»˜è®¤ä¼šå¸®ä½ ç”Ÿæˆä¸€ä¸ªï¼Œ åˆ—å‡ºç›®å½•ä¸‹æ‰€æœ‰çš„æ–‡ä»¶ã€‚å¦‚æžœä½ ä¸æƒ³è¦è¿™ä¸ªåŠŸèƒ½ï¼Œå¯ä»¥å‚è€ƒè¿™ç¯‡æ–‡ç« ï¼š How to disable directory browsing using .htaccess – Apache Web Server。 […]
thank you
its works
hi Alejandro, if u already have webserver then u can just move all your picture to the http accessible directory. If you do not wan to move then u have to configure the document root for the webserver.
nobody knows?
And how do I do if I want to share a particular directory? Say I want my family abroad to be able to browse my pics folder, how do I set up that? I have the webserver already working with a very simple page, and I doubt the target audience will be successful using FTP, so web browsing comes to mind.
Thanks,
Alejandro
thanks Shaun for pointing out my type error.
I’ve corrected it.
Hope others able to get the solution.
Hi,
It’s
Options Indexes
to turn on dir browsing
or
Options -Indexes
to turn off dir browsing
The singular version, with just the word Option, just gave me Invalid command on Apache server restart…
cya,
Shaun