Most of the hosting companies, by default, will allow you to see the list of files in a web directory i.e. if your visitors open a directory of a website (e.g. example.com/stats) in a browser, they can see the files present in that directory. They do not need any password or extra privileges to see the contents of a directory. Isn’t it scary?
In this post, I am going to show you some approaches to hide the files present in a web directory from your visitors.
Approach 1: The easiest way is to put an empty index.html file in all directories. This way if your visitors try to access a web directory, they will see an empty page.
Approach 2: If your web server is Apache and you have access to the .htaccess file.
- Open your .htaccess file in edit mode and add the following line to this file: Options -Indexes
This approach will disable directory listing and your visitors cannot see the files present in a web directory, however, this approach will give 403 error. If you want to redirect visitors to some other page, you can also add the following line to the .htaccess file.
ErrorDocument 403 /403.php
Caveat: If you are using a subdomain, this approach may disable access to the subdomain.
Approach 3: If your web server is Apache and you have access to the .htaccess file.
- Open your .htaccess file in edit mode and add the following line to this file. If your visitors try to access the directory, they will see “Index of /folder-name” in the browser. This approach will not disable access to the subdomain.
Approach 4: If you have access to the
<Directory "/usr/local/apache/htdocs"> Options FollowSymLinks AllowOverride None Require all granted </Directory>