Disable Directory Listing on Apache
Directory listing allows the contents of a directory to be displayed upon request from a web client. It’s not good. To secure our web application we should disable directory listing.
Directory listing looks:
In this guide, I’m going to share some ways to disable directory browsing. Let’s get started:
Table of Contents
In Whole Server
If you want to disable in the whole server, then you need to edit Apache main config file. Open the file:
# CentOS sudo nano /etc/httpd/conf/httpd.conf # Ubuntu sudo nano /etc/apache2/apache2.conf
Find the content:
... <Directory /var/www/> Options Indexes FollowSymLinks AllowOverride None Require all granted </directory> ...
And change the line:
Options Indexes FollowSymLinks
Options -Indexes +FollowSymLinks
It should look like this:
... <Directory /var/www/> Options -Indexes +FollowSymLinks AllowOverride None Require all granted </directory> ...
Now restart Apache server and test:
# CentOS sudo systemctl restart httpd # Ubuntu sudo systemctl restart apache2
In Virtual Host
In your virtual host file, just add
Options -Indexes line like:
<Directory /var/www/public_html> Options -Indexes </Directory>
Now restart Apache server.
In .htaccess File
Open .htaccess file from the root directory of your project and add this line:
That’s it. Thanks for reading.
Md Obydullah is a software engineer and full stack developer specialist at Laravel, Django, Vue.js, Node.js, Android, Linux Server, and Ethichal Hacking.