By default, directory listing is enabled in Apache web server. It means that if a requested URL is not available Apache will show you the directory structure of your website for easier navigation. This can pose a security risks since attackers can easily figure out your website’s files & folders even without knowing the proper URLs. In this article, we will look at how to disable directory browsing in Apache.
How to Disable Directory Browsing in Apache
By default, if you enter a wrong URL in your web browser, you will see something like the following screen.
There are 3 ways to disable directory browsing in Apache web server:
- By disabling autoindex module
- Via Directory’s Options Directive
- Using .htaccess file
Also read : Difference between $host and $http_host
We will look at each of these methods separately.
Disable Apache Directory Listing via Autoindex module
By default, autoindex Apache module which displays directory listing, is enabled. You need to disable it.
Ubuntu/Debian
For Ubuntu /Debian systems, open terminal and run the following command to disable it.
$ sudo a2dismod --force autoindex # Ubuntu, Debian and SUSE Module autoindex disabled. To activate the new configuration, you need to run: systemctl restart apache2
CentOS/Redhat/Fedora
For CentOS/Redhat/Fedora systems, open Apache configuration file
$ sudo vi /etc/apache2/httpd.conf
Comment the line starting with LoadModule directive for autoindex by adding # sign at its beginning.
Restart Apache server to apply changes.
$ sudo service apache2 restart
Also read : How to Test Multiple Variables against value in Python
Disable Directory Browsing Via Options Directive
You can easily add -Indexes directive to Apache configuration file. Open Apache configuration file in a text editor
$ sudo vi /etc/apache2/httpd.conf
Add the following lines to it.
<Directory /var/www/html>
Options -Indexes
</Directory>
Please note, the Directory tag needs to refer to the DocumentRoot location of your website (e.g. /var/www/html). If you use another location, only subfolders present in that location will be protected from listing. Other files & folders on your site will continue to be listed.
Save and close the file.
Restart Apache server to apply changes
$ sudo service apache2 restart
Also read : How to Grep Multiple Strings, Patterns & Words
Disable Directory Listing with .htaccess file
You can also disable directory browsing using .htaccess file in Apache web server.
Open .htaccess file in a text editor
$ sudo vi /var/www/html/.htaccess
Add the following line to it.
Options -Indexes
Save & close the file. Restart Apache server to apply changes.
Also read : How to Prevent Direct File Download in Apache Server
Related posts:
Sreeram has more than 10 years of experience in web development, Python, Linux, SQL and database programming.
Thank you, Thank you, Thank you!
After trying to disable directory browsing and indexing in v-host configurations and using .htaccess, I came across your simple but brilliant solution which is to disable mod Autoindex. Nothing else has worked for me without throwing errors on Ubantu 20.04 and I wasted a couple of hours trying to implement other solutions. You guys are brilliant!