[Apache] Disable Web Directory Listing Using .htaccess File | Hide Files in a Web Directory

Most of the hosting companies, by default, will allow you to see the list of files in a web directory i.e. if your visitors open a directory of a website (e.g. example.com/stats) in a browser, they can see the files present in that directory. They do not need any password or extra privileges to see the contents of a directory. Isn’t it scary?Apache - Disable Web Directory Listing Using .htaccess File

In this post, I am going to show you some approaches to hide the files present in a web directory from your visitors.

Approach 1: The easiest way is to put an empty index.html file in all directories. This way if your visitors try to access a web directory, they will see an empty page.

Approach 2: If your web server is Apache and you have access to the .htaccess file.

  • Open your .htaccess file in edit mode and add the following line to this file: Options -Indexes

    This approach will disable directory listing and your visitors cannot see the files present in a web directory, however, this approach will give 403 error. If you want to redirect visitors to some other page, you can also add the following line to the .htaccess file.

    ErrorDocument 403 /403.php

    Caveat: If you are using a subdomain, this approach may disable access to the subdomain.

Approach 3: If your web server is Apache and you have access to the .htaccess file.

  • Open your .htaccess file in edit mode and add the following line to this file. If your visitors try to access the directory, they will see “Index of /folder-name” in the browser. This approach will not disable access to the subdomain.
IndexIgnore *

Approach 4: If you have access to the http.conf file, open this file and search for htdocs, then replace Options Indexes FollowSymLinks with Options FollowSymLinks.

<Directory "/usr/local/apache/htdocs">
    Options FollowSymLinks
    AllowOverride None
    Require all granted
</Directory>

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.