Prevent website directory listing with .htaccess

Created at: January 27, 2013; Last update: December 10, 2013

What is directory listing?

There are those embarassing moments in life when you feel naked when someone sees at you something they aren’t suppose to see. The same happens with a site, when someone gets to a directory where there is no “index.php” or “index.html”. When those files are missing, the site shows the visitor the directory listing with all the files that are inside it.

For example, if we type “www.somesite.com/images” in the browser, if the settings are not right, the browser will show the listing of the files that can be found in that directory. For security reasons, it’s better not to show the files inside the directory of the web server.

Most of the web servers are configured in such a way that they don’t show the listing of the directory. And yet, there are web servers that are not configured that way.

How can I prevent directory listing?

There is a simple way to prevent directory listing. Just put the any one of following code (after which make sure you press an Enter, the file must end with an empty line) into the .htaccess file.

[javascript src=”https://snipt.net/embed/aaf2d87bdaf511f2cc54905f9701ed8d/”]

or

[javascript src=”https://snipt.net/embed/d3989239616cb045bfa4b09b79fec4da/”]

If you place the .htaccess file in the root folder you will prevent the directory listing aswell the directory listings of the sub-folders.

What if I want to prevent the listing of certain extensions?

Let’s suppose that you don’t want to list “.jpg , .gif and .zip” and you don’t care about listing other files of that directory then you can out the following code inside .htaccess.

You will have to write:

[javascript src=”https://snipt.net/embed/a0cdfa9b3ddb260e2c1eb0b19718f0dc/”]

If your server is setup with preventing directory listing then you can add the following code in the .htaccess file to allow the directory listing.

[javascript src=”https://snipt.net/embed/7160daa0302c32bba16976e64f0df4aa/”]

Leave a Reply

Your email address will not be published. Required fields are marked *

No spam? * Time limit is exhausted. Please reload CAPTCHA.