If you create a new directory (or folder) on your website, and do not put an “index.html
” file in it, you may be surprised to find that your visitors can get a directory listing of all the files in that folder. For example, if you create a folder called “media“, you can see everything in that directory simply by typing “
http://www.example.com/media/
” in your browser. No password or anything is needed.
Disable directory browsing using .htaccess:
Add the following line to your .htaccess
file.
Options -Indexes
Make sure you hit the ENTER key (or RETURN key if you use a Mac) after entering the “Options -Indexes” words so that the file ends with a blank line.
Disable directory browsing using httpd.conf:
- Open your httpd.conf, normally it’s located at /usr/local/apache/conf or /etc/httpd.conf
- Go to your own Virtual Host settings and look for “Options Indexes”
- Change the Indexes to -Indexes if Option Indexes exists or else add the Options -Indexes line
- Restart your apache web server.
- The directory browsing feature should be disable by now
Disable directory browsing in CPanel Share Hosting environment:
- Login to your CPanel
- Click on Index Manager
- Directory will be list down. Click on the directory name which you want to disable the directory browsing
- Select No Index and click Save
- The directory browsing feature should be disable by now
If all goes well, you should get a “Forbidden” error when you try to access a directory that doesn’t have an index file.
If anything goes wrong, delete the .htaccess
or check settings or file on your website and your site should work again.
Note :For those who had an existing .htaccess
on the site before, upload the backup copy to the site.