If your website is hosted on a Apache Web Server, then you should know that directory browsing feature is enabled by default. When a default file or index.html file is not present, server list downs all directory contents. In order to protect website from hackers or other unwanted vulnerabilities, one should disable directory listing on the Apache server.
How to disable directory browsing ?
Directory browsing can be disabled by two ways, one is by editing the .htaccess file and add security to website which is located in root of the directory. Other method is by editing the httpd.conf file, which is the apache server file.
In my previous article How to improve website performance by Image Caching using htaccess, I explained about improving website performance and this article will cover a tip about website security.
Make sure before modifying file for any changes, I recommend you to backup all the website data.
- Using any ftp client, login to the website directory, you will find .htaccess file located in the root of your directory.
- Open .htaccess file to edit it using a text editor.
- Find “Options-Indexes” in the text editor, you can use Ctrl+F to search for exact match. In case no “Options-Indexes” line exists, add “Options-Indexes” without quotes in the new line of htaccess file.
- Once done, save the file and upload to root directory of website.
Once htaccess file is uploaded, refresh the website / url, which is listing directory content. I hope this tutorial will secure your website. If you have any queries or any further assistance is required, you can post comment below, as your feedback.