Hide directory contents from showing when accessing the URL directly
Solution 1
Depending on how your <directory> directives are defined, you have a couple of options.
For that directory, Options -Indexes will turn that off. This can be done anywhere in the httpd.conf file to disable that sort of thing.
Also, in an .htaccess file in that specific directory you can place IndexIgnore * will still produce the list but hide all the contents. A bit hacky, but if you can't modify httpd.conf can work in a pinch.
Solution 2
You need to disable directory browsing. You can do that for the whole server by modifying httpd.conf, or you can do it in a directory of your choice by using a .htaccess file.
In both cases, look for the line that begins with Options and some other words; if it contains Indexes, change it to -Indexes; if it doesn't contain it, add it to the line.
If there is no Options directive, just add Options -Indexes, and that's all.
Related videos on Youtube
08 : 00
02 : 07
05 : 41
02 : 14
02 : 01
SoLoGHoST
Updated on September 17, 2022Comments
-
SoLoGHoST over 1 year
On my site, if you browse to
http://example.com/images/the contents of the entire directory are shown like so:
How can I make it so that this doesn't happen?
Can I create an
.htaccessfile in that directory? Or is there a better way? I really want to block directory listing for the entire site (i.e. every directory on that site).I figure it's either something that has to be done in Apache or using an global
.htaccessfile and placing it in thepublic_htmlfolder, perhaps?EDIT
I diverted this using an
index.phpfile, but I still feel that security is an issue here, how can I fix this permanently?-
SoLoGHoST about 13 yearsOMG, I'm a retard, just changed the permissions from 755 to 751. Is that secure? 751? Should I use something different instead?
-
-
SoLoGHoST about 13 yearsWhere is the httpd.conf file located? I see a lot of files in my root like this:
.bash_logout,.bash_profile,.bashrc,.contactemail,.dns,.ftpquota,.lastlogin, andcpbackup-exclude.confdo I just create the httpd.conf file? -
SoLoGHoST about 13 yearsOK, thanks. The httpd.conf file did NOT exist, so I created it and, on the first line added this:
Options -Indexesand uploaded it to the public_html directory and TADA, it is working nicely I think. Cheers :) Is that all that should be added to thehttpd.conffile? -
SoLoGHoST about 13 yearsActually, this doesn't work... arggg.
-
Massimo about 13 yearshttpd.conf is located in /etc (or /etc/httpd/, or something similar) and is Apache's global configuration file, it must exist or your web server would not be working at all. .htaccess needs instead to be created in the directory where you want to change settings. -
SoLoGHoST about 13 yearsWell, I can see the /etc/ directory, but all that is in there is a file
ftpquota -
SoLoGHoST about 13 yearsYeah, I believe I am on a shared hosting. So there is no way to do this I suppose. But I do see an
/etc/folder. Just nothing in there but anftpquotafile. -
Deb about 13 years.htaccess is your best bet, then. Try an
Options -Indexesfirst, then if that doesn't work, try IndexIgnore. -
Massimo about 13 yearsUse a .htaccess file in your site's root.
