How do I disable directory browsing?

Question

I want to disable directory browsing of /galerias folder and all subdirectories

Index of /galerias/409

* Parent Directory
* i1269372986681.jpg
* i1269372986682.jpg
* i1269372988680.jpg

They mention this in the movie "The Social Network" https://youtu.be/BPazh2kDdvA?t=1m49s — Daniel L. VanDenBosch, Sep 17 '18 at 17:27
See this in-depth article "How to disable directory listing on Apache" https://helponnet.com/2021/07/29/apache-disable-directory-listing/ — Amit Verma, Jul 29 '21 at 09:16

score 525 · Accepted Answer · edited Oct 01 '19 at 18:10

Create an .htaccess file containing the following line:

Options -Indexes

That is one option. Another option is editing your apache configuration file.

In order to do so, you first need to open it with the command:

vim /etc/httpd/conf/httpd.conf

Then find the line: Options Indexes FollowSymLinks

Change that line to: Options FollowSymLinks

Lastly save and exit the file, and restart apache server with this command:

sudo service httpd restart

(You have a guide with screenshots here.)

Dung · Answer 2 · 2020-01-28T21:18:30.363

365

The best way to do this is disable it with webserver apache2. In my Ubuntu 14.X - open /etc/apache2/apache2.conf change from

<Directory /var/www/>
        Options Indexes FollowSymLinks
        AllowOverride None
        Require all granted
</Directory>

to

<Directory /var/www/>
        Options FollowSymLinks
        AllowOverride None
        Require all granted
</Directory>

then restart apache by:

sudo service apache2 reload

This will disable directory listing from all folder that apache2 serves.

edited Jan 28 '20 at 21:18

answered Jul 16 '15 at 04:16

Dung

19,199
9
59
54

1

FYI: by disabling the Indexes , you get message "You don't have permission to access this resource.", 403 error. – klor Aug 18 '21 at 17:21

score 60 · Answer 3 · answered Oct 07 '16 at 08:52

60

Apart from the aformentioned two methods (edit /etc/apache2/apache2.conf or add Options -Indexes in .htaccess file), here is another one

a2dismod autoindex

Restart the apache2 server afterwards

sudo service apache2 restart

answered Oct 07 '16 at 08:52

justyy

5,831
4
40
73

1

FYI: by disabling the autoindex, you get message "The requested URL was not found on this server.", 404 error. – klor Aug 18 '21 at 17:21

Álvaro González · Answer 4 · 2014-10-20T09:34:13.697

34

Edit/Create an .htaccess file inside /galerias with this:

Options -Indexes

Directory browsing is provided by the mod_autoindex module.

edited Oct 20 '14 at 09:34

answered Mar 27 '10 at 18:22

Álvaro González

142,137
41
261
360

score 28 · Answer 5 · edited Aug 01 '16 at 13:20

You can place an empty file called index.html into each directory that you don't want listed. This has several advantages:

It (usually) requires zero configuration on the server.
It will keep working, even if the server administrator decides to use "AllowOverride None" in the the server configuration. (If you use .htaccess files, this can lead to lots of "Error 500 - internal server error" messages for your users!).
It also allows you to move your files from one server to the next, again without having to mess with the apache configuration.

Theoretically, the autoindexing might be triggered by a different file (this is controlled by the DirectoryIndex option), but I have yet to encounter this in the real world.

score 21 · Answer 6 · answered Jul 04 '14 at 05:13

One of the important thing is on setting a secure apache web server is to disable directory browsing. By default apache comes with this feature enabled but it is always a good idea to get it disabled unless you really need it. Open httpd.conf file in apache folder and find the line that looks as follows:

Options Includes Indexes FollowSymLinks MultiViews

then remove word Indexes and save the file. Restart apache. That's it

score 10 · Answer 7 · edited Dec 15 '20 at 13:36

10

If you choose to modify your httpd.conf file to solve this and you have multiple Options directives, then you must add a - or a + before each directive. Example:

Options -Indexes +FollowSymLinks

edited Dec 15 '20 at 13:36

RavinderSingh13

130,504
14
57
93

answered Aug 07 '17 at 21:03

George

101
1
3

score 5 · Answer 8 · answered Mar 05 '15 at 22:48

This is not an answer, just my experience:

On my Ubuntu 12.04 apache2, didn't find Indexes in either apache2.conf or httpd.conf, luckily I found it in sites-available/default. After removing it, now it doesn't see directory listing. May have to do it for sites-available/default-ssl.

score 3 · Answer 9 · answered Jan 07 '16 at 18:20

To complete @GauravKachhadiya's answer :

IndexIgnore *.jpg

means "hide only .jpg extension files from indexing.

IndexIgnore directive uses wildcard expression to match against directories and files.

a star character , it matches any charactes in a string ,eg : foo or foo.extension, in the following example, we are going to turn off the directory listing, no files or dirs will appear in the index :

IndexIgnore *

Or if you want to hide spacific files , in the directory listing, then we can use

IndexIgnore *.php

*.php => matches a string that starts with any char and ends with .php

The example above hides all files that end with .php

Sos. · Answer 10 · 2019-10-22T13:47:00.273

2

Add this in your .htaccess file:

Options -Indexes

If it is not work for any reason, try this within your .htaccess file:

IndexIgnore *

edited Oct 22 '19 at 13:47

answered Feb 23 '17 at 23:33

Sos.

914
10
14

score 2 · Answer 11 · answered Sep 08 '17 at 15:59

2

Open Your .htaccess file and enter the following code in

Options -Indexes

Make sure you hit the ENTER key (or RETURN key if you use a Mac) after entering the "Options -Indexes" words so that the file ends with a blank line.

answered Sep 08 '17 at 15:59

zish

607
2
6
15

score 0 · Answer 12 · edited Sep 19 '15 at 03:09

0

Try this in .htaccess:

IndexIgnore *.jpg

edited Sep 19 '15 at 03:09

muru

4,723
1
34
78

answered Oct 17 '14 at 12:31

Gaurav Kachhadiya

19
2

This didn't seem to have any effect for me. What is it supposed to do? – intcreator Dec 03 '15 at 17:05

score 0 · Answer 13 · edited Oct 27 '21 at 10:37

0

In Directory Section ( /etc/httpd/httpd.conf)

Remove Line - Options Indexes FollowSymLinks

New Line - Options FollowSymLinks

edited Oct 27 '21 at 10:37

RavinderSingh13

130,504
14
57
93

answered Oct 27 '21 at 09:59

dhananjay ghogare

24
3

score 0 · Answer 14 · answered Aug 04 '22 at 01:56

I found another way of doing this with virtual hosts:

<VirtualHost *:80>
    DocumentRoot C:/WAMP/Apache24/htdocs/
    ServerName vehiclesspares.com
    <Directory C:/WAMP/Apache24/htdocs/vehiclesspares.com>
        Options FollowSymLinks
        AllowOverride None
        Require all granted
    </Directory>    
</VirtualHost>

This worked for me on Apache 2.4.54 on my local windows machine with the host file (C:\Windows\System32\drivers\etc\hosts) containing the line: 127.0.0.1 vehiclesspares.com This configuration also had vehiclesspares.com under the docroot: C:\WAMP\Apache24\htdocs\vehiclesspares.com

How do I disable directory browsing?

14 Answers14

Linked

Related