Hide directory contents from showing when accessing the URL directly
Solution 1
Depending on how your <directory>
directives are defined, you have a couple of options.
For that directory, Options -Indexes
will turn that off. This can be done anywhere in the httpd.conf file to disable that sort of thing.
Also, in an .htaccess file in that specific directory you can place IndexIgnore *
will still produce the list but hide all the contents. A bit hacky, but if you can't modify httpd.conf can work in a pinch.
Solution 2
You need to disable directory browsing. You can do that for the whole server by modifying httpd.conf
, or you can do it in a directory of your choice by using a .htaccess
file.
In both cases, look for the line that begins with Options
and some other words; if it contains Indexes
, change it to -Indexes
; if it doesn't contain it, add it to the line.
If there is no Options
directive, just add Options -Indexes
, and that's all.
Related videos on Youtube
SoLoGHoST
Updated on September 17, 2022Comments
-
SoLoGHoST over 1 year
On my site, if you browse to
http://example.com/images/
the contents of the entire directory are shown like so:How can I make it so that this doesn't happen?
Can I create an
.htaccess
file in that directory? Or is there a better way? I really want to block directory listing for the entire site (i.e. every directory on that site).I figure it's either something that has to be done in Apache or using an global
.htaccess
file and placing it in thepublic_html
folder, perhaps?EDIT
I diverted this using an
index.php
file, but I still feel that security is an issue here, how can I fix this permanently?-
SoLoGHoST about 13 yearsOMG, I'm a retard, just changed the permissions from 755 to 751. Is that secure? 751? Should I use something different instead?
-
-
SoLoGHoST about 13 yearsWhere is the httpd.conf file located? I see a lot of files in my root like this:
.bash_logout
,.bash_profile
,.bashrc
,.contactemail
,.dns
,.ftpquota
,.lastlogin
, andcpbackup-exclude.conf
do I just create the httpd.conf file? -
SoLoGHoST about 13 yearsOK, thanks. The httpd.conf file did NOT exist, so I created it and, on the first line added this:
Options -Indexes
and uploaded it to the public_html directory and TADA, it is working nicely I think. Cheers :) Is that all that should be added to thehttpd.conf
file? -
SoLoGHoST about 13 yearsActually, this doesn't work... arggg.
-
Massimo about 13 yearshttpd.conf is located in /etc (or /etc/httpd/, or something similar) and is Apache's global configuration file, it must exist or your web server would not be working at all. .htaccess needs instead to be created in the directory where you want to change settings.
-
SoLoGHoST about 13 yearsWell, I can see the /etc/ directory, but all that is in there is a file
ftpquota
-
SoLoGHoST about 13 yearsYeah, I believe I am on a shared hosting. So there is no way to do this I suppose. But I do see an
/etc/
folder. Just nothing in there but anftpquota
file. -
Deb about 13 years.htaccess is your best bet, then. Try an
Options -Indexes
first, then if that doesn't work, try IndexIgnore. -
Massimo about 13 yearsUse a .htaccess file in your site's root.