Disable Apache Web Directory Listing Using .htaccess File

Securing your apache web server is one of the most important task, specially when you setting up a new website.

For example, if you create a new website directory called “tecmint” under your Apache server (/var/www/tecmint or /var/www/html/tecmint) and forgot to place an “index.html” file in it, you may surprised to know that all your website visitors can get a complete listing of all your important files and folders simply by typing http://www.example.com/tecmint in the browser.

In this article, we will show you how to disable or prevent directory listing of your Apache web server using .htaccess file.

This is how directory listing will be shown to your visitors when index.html not present in it..

Apache Directory Listing
Apache Directory Listing

For starters, .htaccess (or hypertext access) is a file which enables a website owner to control the server environment variables as well as other vital options to enhance functionality of his/her website(s).

For additional information about this important file, read the following articles to secure your Apache web server using .htaccess method:

  1. 25 Apache Htaccess Tricks to Secure Apache Web Server
  2. Password Protect Apache Web Directories Using .htaccess File

Using this simple method, the .htaccess file is created in any and/or every directory in the website directory tree and provide features to the top directory, subdirectories and files inside them.

First of all, activate the .htaccess file for your website in master apache configuration file.

$ sudo vi /etc/apache2/apache2.conf    #On Debian/Ubuntu systems
$ sudo vi /etc/httpd/conf/httpd.conf   #On RHEL/CentOS systems

Then look for the section below, where the value of the AllowOverride directive must be set to AllowOverride All.

<Directory /var/www/html/>
       Options Indexes FollowSymLinks
       AllowOverride All
</Directory>

However, if you have an existing .htaccess file, make a backup of it as follows; assuming you have it in /var/www/html/tecmint/( and want to disable listing of this directory):

$ sudo cp /var/www/html/tecmint/.htaccess /var/www/html/tecmint/.htaccess.orig  

Then you can open (or create ) it in the particular directory for modification using your favorite editor, and add the line below to turn off Apache directory listing:

Options -Indexes 

Next restart the Apache web server:

-------- On SystemD based systems -------- 
$ sudo systemctl restart apache2
$ sudo systemctl restart httpd

-------- On SysVInit based systems -------- 
$ sudo /etc/init.d/apache2 restart 
$ sudo /etc/init.d/httpd restart

Now verify the result by typing http://www.example.com/tecmint in the browser, you should get a message similar to the following.

Apache Directory Listing Disabled
Apache Directory Listing Disabled

That’s all! In this article, we described how to disable directory listing in Apache web server using .htaccess file. We will also cover two other useful as well as easy methods for the same purpose in upcoming articles, until then, stay connected.

As usual, make use of the feedback form below to send us your thoughts about this tutorial.

Hey TecMint readers,

Exciting news! Every month, our top blog commenters will have the chance to win fantastic rewards, like free Linux eBooks such as RHCE, RHCSA, LFCS, Learn Linux, and Awk, each worth $20!

Learn more about the contest and stand a chance to win by sharing your thoughts below!

Aaron Kili
Aaron Kili is a Linux and F.O.S.S enthusiast, an upcoming Linux SysAdmin, web developer, and currently a content creator for TecMint who loves working with computers and strongly believes in sharing knowledge.

Each tutorial at TecMint is created by a team of experienced Linux system administrators so that it meets our high-quality standards.

Join the TecMint Weekly Newsletter (More Than 156,129 Linux Enthusiasts Have Subscribed)
Was this article helpful? Please add a comment or buy me a coffee to show your appreciation.

8 Comments

Leave a Reply
  1. My website runs on the IIS configured Windows server. So I can’t use the Apache related options. It could’ve been helpful to me if you add configuration details related to the IIS server.

    Reply
  2. Hi,

    In my case the particular section of file /etc/httpd/conf/httpd.conf looks something like this:

      Options FollowSymLinks
      AllowOverride None
    

    So do I have to make it:

      Options FollowSymLinks
      AllowOverride None
      Options -Indexes
    

    Thanks

    Reply
    • I found the issue: the httpd.conf file on my CentOS 7 server has multiple Directory sections: entirety of file system, document root, cgi-bin, etc.

      • I first edited the entirety of file system, this did not work.
      • I then edited the document root section, this worked.
      • I’m not sure yet if both sections should be edited for the changes.
      Reply
  3. Thank you for your advice!

    “Options -Indexes ”
    But I am not sure how the final contents of this file .htaccess should be shown:

    Options -Indexes
    AllowOverride All

    Is that right?

    Reply

Got Something to Say? Join the Discussion...

Thank you for taking the time to share your thoughts with us. We appreciate your decision to leave a comment and value your contribution to the discussion. It's important to note that we moderate all comments in accordance with our comment policy to ensure a respectful and constructive conversation.

Rest assured that your email address will remain private and will not be published or shared with anyone. We prioritize the privacy and security of our users.