disable directory listing in apache

How to Disable Directory Browsing in Apache

By default, directory listing is enabled in Apache web server. It means that if a requested URL is not available Apache will show you the directory structure of your website for easier navigation. This can pose a security risks since attackers can easily figure out your website’s files & folders even without knowing the proper URLs. In this article, we will look at how to disable directory browsing in Apache.


How to Disable Directory Browsing in Apache

By default, if you enter a wrong URL in your web browser, you will see something like the following screen.

There are 3 ways to disable directory browsing in Apache web server:

  1. By disabling autoindex module
  2. Via Directory’s Options Directive
  3. Using .htaccess file

Also read : Difference between $host and $http_host


We will look at each of these methods separately.

Disable Apache Directory Listing via Autoindex module

By default, autoindex Apache module which displays directory listing, is enabled. You need to disable it.

Ubuntu/Debian

For Ubuntu /Debian systems, open terminal and run the following command to disable it.

$ sudo a2dismod --force autoindex # Ubuntu, Debian and SUSE 
Module autoindex disabled. 
To activate the new configuration, you need to run:
   systemctl restart apache2

CentOS/Redhat/Fedora

For CentOS/Redhat/Fedora systems, open Apache configuration file

$ sudo vi /etc/apache2/httpd.conf

Comment the line starting with LoadModule directive for autoindex by adding # sign at its beginning.

Restart Apache server to apply changes.

$ sudo service apache2 restart

Also read : How to Test Multiple Variables against value in Python


Disable Directory Browsing Via Options Directive

You can easily add -Indexes directive to Apache configuration file. Open Apache configuration file in a text editor

$ sudo vi /etc/apache2/httpd.conf

Add the following lines to it.

<Directory /var/www/html>
    Options -Indexes
</Directory>

Please note, the Directory tag needs to refer to the DocumentRoot location of your website (e.g. /var/www/html). If you use another location, only subfolders present in that location will be protected from listing. Other files & folders on your site will continue to be listed.

Save and close the file.

Restart Apache server to apply changes

$ sudo service apache2 restart

Also read : How to Grep Multiple Strings, Patterns & Words


Disable Directory Listing with .htaccess file

You can also disable directory browsing using .htaccess file in Apache web server.

Open .htaccess file in a text editor

$ sudo vi /var/www/html/.htaccess

Add the following line to it.

Options -Indexes

Save & close the file. Restart Apache server to apply changes.

Also read : How to Prevent Direct File Download in Apache Server


Leave a Reply

Your email address will not be published. Required fields are marked *