Disable Apache Web Directory Listing Using .htaccess File

Securing your apache web server is one of the most important task, specially when you setting up a new website.

For example, if you create a new website directory called “tecmint” under your Apache server (/var/www/tecmint or /var/www/html/tecmint) and forgot to place an “index.html” file in it, you may surprised to know that all your website visitors can get a complete listing of all your important files and folders simply by typing http://www.example.com/tecmint in the browser.

In this article, we will show you how to disable or prevent directory listing of your Apache web server using .htaccess file.

This is how directory listing will be shown to your visitors when index.html not present in it..

Apache Directory Listing

Apache Directory Listing

For starters, .htaccess (or hypertext access) is a file which enables a website owner to control the server environment variables as well as other vital options to enhance functionality of his/her website(s).

For additional information about this important file, read the following articles to secure your Apache web server using .htaccess method:

  1. 25 Apache Htaccess Tricks to Secure Apache Web Server
  2. Password Protect Apache Web Directories Using .htaccess File

Using this simple method, the .htaccess file is created in any and/or every directory in the website directory tree and provide features to the top directory, subdirectories and files inside them.

First of all, activate the .htaccess file for your website in master apache configuration file.

$ sudo vi /etc/apache2/apache2.conf    #On Debian/Ubuntu systems
$ sudo vi /etc/httpd/conf/httpd.conf   #On RHEL/CentOS systems

Then look for the section below, where the value of the AllowOverride directive must be set to AllowOverride All.

<Directory /var/www/html/>
       Options Indexes FollowSymLinks
       AllowOverride All
</Directory>

However, if you have an existing .htaccess file, make a backup of it as follows; assuming you have it in /var/www/html/tecmint/( and want to disable listing of this directory):

$ sudo cp /var/www/html/tecmint/.htaccess /var/www/html/tecmint/.htaccess.orig  

Then you can open (or create ) it in the particular directory for modification using your favorite editor, and add the line below to turn off Apache directory listing:

Options -Indexes 

Next restart the Apache web server:

-------- On SystemD based systems -------- 
$ sudo systemctl restart apache2
$ sudo systemctl restart httpd

-------- On SysVInit based systems -------- 
$ sudo /etc/init.d/apache2 restart 
$ sudo /etc/init.d/httpd restart

Now verify the result by typing http://www.example.com/tecmint in the browser, you should get a message similar to the following.

Apache Directory Listing Disabled

Apache Directory Listing Disabled

That’s all! In this article, we described how to disable directory listing in Apache web server using .htaccess file. We will also cover two other useful as well as easy methods for the same purpose in upcoming articles, until then, stay connected.

As usual, make use of the feedback form below to send us your thoughts about this tutorial.

Best Affordable Linux and WordPress Services For Your Business
Outsource Your Linux and WordPress Project and Get it Promptly Completed Remotely and Delivered Online.

If You Appreciate What We Do Here On TecMint, You Should Consider:

  1. Stay Connected to: Twitter | Facebook | Google Plus
  2. Subscribe to our email updates: Sign Up Now
  3. Get your own self-hosted blog with a Free Domain at ($3.45/month).
  4. Become a Supporter - Make a contribution via PayPal
  5. Support us by purchasing our premium books in PDF format.
  6. Support us by taking our online Linux courses

We are thankful for your never ending support.

Aaron Kili

Aaron Kili is a Linux and F.O.S.S enthusiast, an upcoming Linux SysAdmin, web developer, and currently a content creator for TecMint who loves working with computers and strongly believes in sharing knowledge.

Your name can also be listed here. Got a tip? Submit it here to become an TecMint author.

RedHat RHCE and RHCSA Certification Book
Linux Foundation LFCS and LFCE Certification Preparation Guide

You may also like...

6 Responses

  1. Ken says:

    I followed these instructions precisely but it did not work at all.
    I’m using CentOS 7 with apache web server

    • Ken says:

      I found the issue: the httpd.conf file on my CentOS 7 server has multiple Directory sections: entirety of file system, document root, cgi-bin, etc.

      • I first edited the entirety of file system, this did not work.
      • I then edited the document root section, this worked.
      • I’m not sure yet if both sections should be edited for the changes.
  2. thanks for the tip, it helped a lot

  3. Alexey says:

    Thank you for your advice!

    “Options -Indexes ”
    But I am not sure how the final contents of this file .htaccess should be shown:

    Options -Indexes
    AllowOverride All

    Is that right?

Got something to say? Join the discussion.

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.