How to prevent / allow directory listing of Website

By | January 5, 2014

When user hitting url in the browser that pointed to the directory of your website which does not contain any index file (like index.html, index.php, default.html) than all files of directory are listed on web pages  and visitor are able to see all used files list with also easily access it.

There are several methods that you can use for disable / prevent directory from listing by web server.

1 Disable Directory listing by adding default file.

It is too easy to disable directory from listing by just adding default calling file to particular directory for which you want to disable listing.  And redirect user to specific page while calling that directory.

Note: default calling file mean a file with name index.html, Default.html, index.htm, index.php etc.

2 Disable Directory listing using .htaccess file for Apache server

If you are using the Apache server for your website than you can also disable browsing directory using .htacess file.

To prevent or disable a web server from listing directory whenever user point a directory url which does not have index file.

Add following syntax in .htaccess file.

Options -Indexes

Note :  .htaccess file already exist on your website root directory. If you not find any .htaccess file than once confirm by accessing file manager tools from Cpanel because in some cases it may be hidden for FTP access user. Finally not exist than create new .htaccess.

After adding above syntax in .htaccess, when you hit url that point directory with no index file than it show you 403 forbidden error instead of directory list.

3 Disable Directory Listings in Apache server by editing main config file

In the Apache web server, you can also disable directory listing by editing apache configuration file. It is strongly recommend that you follow these steps unless you actually do want to show directories to your users. In that case, it is best to enable the following on all other directories, and make exceptions for the directories you want to show.

•         Find out your Apache config file (httpd.conf)

•         Open the config file using a text editor like Notepad++, Adobe Dream viewer

•         Look for the directory section of the file where your website resides, and the Options keyword beneath that. It should look something like:

<Directory /home/websitename/public_html>
Options Indexes
</Directory>

Update the option ‘Indexes’ to –Indexes like,

Options -Indexes

If you don’t have access of your server Apache configuration, than you need to go with 2 option.

Fancy Indexing view of Directory Listing

In Some cases, you need to allow a web server to listing a directory with some really nice look file indexes with it icons, size, modification date etc. this can be done by adding following syntax to .htaccess file.

+FancyIndexing can be use for listing fancy directory whereas –FancyIndexing for display normal directory listing.

Prevent Specific files from listing directory

In some case, you may need to not display specific type files in directory listing. Then use IndexIgnore syntax in .htaccess file.

Following syntax prevent .zip and .txt file form display in directory listing.

Change default Index File

It is possible to change the default calling index file from index.html (or index.php, deault.html, default.htm etc) to any other file by adding DirectoryIndex syntax in .htaccess with file name that want to set for default.

.above syntax change the index file to welcom.html

Leave a Reply

Your email address will not be published. Required fields are marked *