Stop Apache Listing Directories

From time to time I wish to use a directory/folder on a website that does not contain an index, home or default file. With Apache this means that if a web browser is pointed to a folder and there are no such files in that folder, the user will be giving a listing of files. For Example:

Before Options -Indexes

This is fine if you want a quick way to let your users get access to files, but it can also be security risk as users can then navigate to sub folders and parent folders almost as if they have got inside the inner workings of your folder structure. Any hidden folders that you don't intend to be public can therefore be found more easily.

If you wish to stop this from happening there is an easy fix:

The Solution

Simply add the following line to your .htaccess file on the root folder of your website:

Options -Indexes

And then, if the user stumbles upon the folder, they will see.

After Options -Indexes

Basically a 403 error message.

Comments For This Page

On 13th October 2014
ton of thanks

By div on 2nd April 2013
straight to the point, just what i needed, thanks
By marc on 4th May 2011
By Dhruv on 24th March 2010
big thnx!
By farique on 9th January 2009

Add your own comment below and let others know what you think: