What is directory listing ?

When you access any directory on your server which does not contain an index.html or index.php file, your web browser will display a list of all the files in that directory. Apache web server usually enables directory listing by default.


Why is it important to disable directory browsing?

For example: If you have a directory called “impfiles” on your server which contains important files, you obviously wouldn’t want your visitors to browse through them.

hack attacks

Prevention from hack attacks

Allowing directory listing also makes your website vulnerable to hack attacks. I would recommend everyone to disable directory listing, especially when you have a wordpress website. Attackers can easily gather important information and weaknesses of your website which could allow them to attack your web server.

Here’s the best way to prevent directory listing or directory browsing with .htaccess (hypertext access) file

Download existing .htaccess file from your server

Login to your web server via your favorite FTP client, I use FileZilla.

If you use FileZilla there is a possibility that your .htaccess file will be hidden. To view .htaccess file in FileZilla

Click on ‘server’ from top menu and select Force showing hidden files”

FileZilla hidden .Htaccess file

Once you login and locate the .htaccess file (it will be in the root folder) , download it on your computer and open it using any ASCII text editor like notepad, wordpad etc

If .htaccess file doesn’t exist on your server, you can easily create one.

  • How to create .htaccess file ?

Open a new notepad file and save as “htaccess” .txt

Upload htaccess.txt file on your server via FTP and rename the file “.htaccess” (Notice the DOT at the beginning of the file)

Once you successfully create .htaccess file, download the same on your computer.

  • Open the .htaccess file using your favorite text editor add the following snippet to disable directory listing
Options -Indexes

You can also use

IndexIgnore *
  •  Note: * represents a wildcard and will restrict all the files within that folder from getting listed

In a scenario where you just need to restrict specific file types.

For example .ZIP or TXT file

Use below snippet to tell Apache web server to prevent listing of zip and txt file type

IndexIgnore *.zip *.txt

If directory listing is disabled and you wish to enable it, use below snippet.

 Options +Indexes

Save, Upload  and Test

Now save your .htaccess file and upload it to your web server via FTP

Once you have uploaded your .htaccess file make sure you check your website thoroughly, .htaccess file controls what server does to your website and one mistake can break your entire site. If in case something went wrong, simply delete your .htaccess file from your web server.

(Visited 225 times, 1 visits today)

Leave A Comment