Disable directory browsing using .htaccess in apache

Apache web server allow directory browsing by default. It’s always good to disable directory browsing in security aspect. To disable directory browsing in apache web server you need to edit the httpd.conf or .htaccess

Disable directory browsing using .htaccess:-

  • Open your .htacces file
  • Look for Options Indexes
  • If Options Indexes exists modify it to Options -Indexes or else add Options -Indexes as a new line
  • The directory browsing feature should be disable by now

Disable directory browsing using httpd.conf:-

  • Open your httpd.conf, normally it’s located at /usr/local/apache/conf or /etc/httpd.conf
  • Go to your own Virtual Host settings and look for “Options Indexes
  • Change the Indexes to -Indexes if Option Indexes exists or else add the Options -Indexes line
  • Restart your apache web server.
  • The directory browsing feature should be disable by now

Disable directory browsing in CPanel Share Hosting enviroment:-

  • Login to your CPanel
  • Click on Index Manager
  • Directory will be list down. Click on the directory name which you want to disable the directory browsing
  • Select No Index and click Save
  • The directory browsing feature should be disable by now

Once you disable directory browsing, visitor will not able to browse your directory by accessing the directory directly (if there is no index.html file). This will protect your files from exposing to the public.

Leave a Reply