Disable Apache Web Directory Listing Using .htaccess File

Securing your apache web server is one of the most important task, specially when you setting up a new website.

For example, if you create a new website directory called “tecmint” under your Apache server (/var/www/tecmint or /var/www/html/tecmint) and forgot to place an “index.html” file in it, you may surprised to know that all your website visitors can get a complete listing of all your important files and folders simply by typing http://www.example.com/tecmint in the browser.

In this article, we will show you how to disable or prevent directory listing of your Apache web server using .htaccess file.

This is how directory listing will be shown to your visitors when index.html not present in it..

Apache Directory Listing
Apache Directory Listing

For starters, .htaccess (or hypertext access) is a file which enables a website owner to control the server environment variables as well as other vital options to enhance functionality of his/her website(s).

For additional information about this important file, read the following articles to secure your Apache web server using .htaccess method:

  1. 25 Apache Htaccess Tricks to Secure Apache Web Server
  2. Password Protect Apache Web Directories Using .htaccess File

Using this simple method, the .htaccess file is created in any and/or every directory in the website directory tree and provide features to the top directory, subdirectories and files inside them.

First of all, activate the .htaccess file for your website in master apache configuration file.

$ sudo vi /etc/apache2/apache2.conf    #On Debian/Ubuntu systems
$ sudo vi /etc/httpd/conf/httpd.conf   #On RHEL/CentOS systems

Then look for the section below, where the value of the AllowOverride directive must be set to AllowOverride All.

<Directory /var/www/html/>
       Options Indexes FollowSymLinks
       AllowOverride All

However, if you have an existing .htaccess file, make a backup of it as follows; assuming you have it in /var/www/html/tecmint/( and want to disable listing of this directory):

$ sudo cp /var/www/html/tecmint/.htaccess /var/www/html/tecmint/.htaccess.orig  

Then you can open (or create ) it in the particular directory for modification using your favorite editor, and add the line below to turn off Apache directory listing:

Options -Indexes 

Next restart the Apache web server:

-------- On SystemD based systems -------- 
$ sudo systemctl restart apache2
$ sudo systemctl restart httpd

-------- On SysVInit based systems -------- 
$ sudo /etc/init.d/apache2 restart 
$ sudo /etc/init.d/httpd restart

Now verify the result by typing http://www.example.com/tecmint in the browser, you should get a message similar to the following.

Apache Directory Listing Disabled
Apache Directory Listing Disabled

That’s all! In this article, we described how to disable directory listing in Apache web server using .htaccess file. We will also cover two other useful as well as easy methods for the same purpose in upcoming articles, until then, stay connected.

As usual, make use of the feedback form below to send us your thoughts about this tutorial.

If you liked this article, then do subscribe to email alerts for Linux tutorials. If you have any questions or doubts? do ask for help in the comments section.

If You Appreciate What We Do Here On TecMint, You Should Consider:

TecMint is the fastest growing and most trusted community site for any kind of Linux Articles, Guides and Books on the web. Millions of people visit TecMint! to search or browse the thousands of published articles available FREELY to all.

If you like what you are reading, please consider buying us a coffee ( or 2 ) as a token of appreciation.

Support Us

We are thankful for your never ending support.

8 thoughts on “Disable Apache Web Directory Listing Using .htaccess File”

  1. My website runs on the IIS configured Windows server. So I can’t use the Apache related options. It could’ve been helpful to me if you add configuration details related to the IIS server.

  2. Hi,

    In my case the particular section of file /etc/httpd/conf/httpd.conf looks something like this:

      Options FollowSymLinks
      AllowOverride None

    So do I have to make it:

      Options FollowSymLinks
      AllowOverride None
      Options -Indexes


    • I found the issue: the httpd.conf file on my CentOS 7 server has multiple Directory sections: entirety of file system, document root, cgi-bin, etc.

      • I first edited the entirety of file system, this did not work.
      • I then edited the document root section, this worked.
      • I’m not sure yet if both sections should be edited for the changes.
  3. Thank you for your advice!

    “Options -Indexes ”
    But I am not sure how the final contents of this file .htaccess should be shown:

    Options -Indexes
    AllowOverride All

    Is that right?


Got something to say? Join the discussion.

Have a question or suggestion? Please leave a comment to start the discussion. Please keep in mind that all comments are moderated and your email address will NOT be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.