Directory listing allows the contents of a directory to be displayed upon request from a web client. It’s not good. To secure our web application we should disable directory listing.

Directory listing looks:

In this guide, I’m going to share some ways to disable directory browsing. Let’s get started:

Table of Contents

1. In Whole Server
2. In Virtual Host
3. In .htaccess File

In Whole Server

If you want to disable in the whole server, then you need to edit Apache main config file. Open the file:

# CentOS
sudo nano /etc/httpd/conf/httpd.conf

# Ubuntu
sudo nano /etc/apache2/apache2.conf

Find the content:

...
<Directory /var/www/>
        Options Indexes FollowSymLinks
        AllowOverride None
        Require all granted
</directory>
...

And change the line:

Options Indexes FollowSymLinks

To:

Options -Indexes +FollowSymLinks

It should look like this:

...
<Directory /var/www/>
        Options -Indexes +FollowSymLinks
        AllowOverride None
        Require all granted
</directory>
...

Now restart Apache server and test:

# CentOS
sudo systemctl restart httpd

# Ubuntu
sudo systemctl restart apache2

In Virtual Host

In your virtual host file, just add Options -Indexes line like:

<Directory /var/www/public_html>
      Options -Indexes
</Directory>

Now restart Apache server.

In .htaccess File

Open .htaccess file from the root directory of your project and add this line:

Options -Indexes

That’s it. Thanks for reading.