Preventing listing files and directories with .htaccess (Apache)

Views: 5.561
Reading Time: <1 minute

Staff,
Good evening.

Today I am going to talk about how to prevent unauthorized people from viewing the files and folders of your Apache web server by entering a directory name, such as www.yourdomain.com/images/.

By default, the apache web server will open the default file defined by the DirectoryIndex directive (Learn more here). If this file does not exist or does not have a predefined directive, the server will open the listing of files and directories.

Most of the time, this is not interesting and even facilitates possible attempts at cracking attacks on your site. Learn now how to control it.

Using the IndexIgnore Directive
Through the IndexIgnore directive, we can block N file extensions that we do not want listed.

Examples:

Using the Options Directive
This directive is more complete and simple, blocking any directory listing on your server and sending the HTTP 403 (Forbidden) error code to anyone trying to access it.

How to use:

Now your servers are more secure and private!
To the next!