deny directory listing with htaccess

120
votes

I have a folder, for example : /public_html/Davood/ and too many sub folder in folder, for example : /public_html/Davood/Test1/ , /public_html/Davood/Test1/Test/ , /public_html/Davood/Test2/ , ...

I want add a htaccess file into /public_html/Davood/ To deny DirectoryListing In /Davood And Sub Folders, It's Possible ?

9
apache.htaccess
I don't see why Options All -Indexes didn't work as in few answers!Fr0zenFyr
@Fr0zenFyr it's depend to webserver configuration, if AllowOverride All, worksDJafari
Options -Indexes is the good solution. But there are multiple other solutions you can use with htaccess to deny directory listing .. see here helponnet.com/2021/07/29/apache-disable-directory-listingAmit Verma

9 Answers

142
votes

Options -Indexes should work to prevent directory listings.

If you are using a .htaccess file make sure you have at least the "allowoverride options" setting in your main apache config file.

85
votes

Try adding this to the .htaccess file in that directory.

Options -Indexes

This has more information.

36
votes

If Options -Indexes does not work as Bryan Drewery suggested, you could write a recursive method to create blank index.php files.

Place this inside of your base folder you wish to protect, you can name it whatever (I would recommend index.php)

<?php

recurse(".");

function recurse($path){
    foreach(scandir($path) as $o){
        if($o != "." && $o != ".."){
            $full = $path . "/" . $o;
            if(is_dir($full)){
                if(!file_exists($full . "/index.php")){
                    file_put_contents($full . "/index.php", "");
                }
                recurse($full);
            }
        }
    }
}

?>

These blank index.php files can be easily deleted or overwritten, and they'll keep your directories from being listable.

25
votes

For showing Forbidden error then include these lines in your .htaccess file:

Options -Indexes

If we want to index our files and showing them with some information, then use:

IndexOptions -FancyIndexing

If we want for some particular extension not to show, then:

IndexIgnore *.zip *.css
15
votes

Options -Indexes perfectly works for me ,

here is .htaccess file :

<IfModule mod_rewrite.c>
    <IfModule mod_negotiation.c>
        Options -MultiViews -Indexes <---- This Works for Me :)
    </IfModule>


   ....etc stuff

</IfModule>

Before : enter image description here

After :

enter image description here

8
votes

There are two ways :

  1. using .htaccess : Options -Indexes

  2. create blank index.html

5
votes
Options -Indexes

I have to try create .htaccess file that current directory that i want to disallow directory index listing. But, sorry i don't know about recursive in .htaccess code.

Try it.

3
votes

Agree that

Options -Indexes

should work if the main server is configured to allow option overrides, but if not, this will hide all files from the listing (so every directory appears empty):

IndexIgnore *
2
votes

Options -Indexes returns a 403 forbidden error for a protected directory. The same behaviour can be achived by using the following Redirect in htaccess :

RedirectMatch 403 ^/folder/?$

This will return a forbidden error for example.com/folder/ .

You can also use mod-rewrite to forbid a request for folder.

RewriteEngine on

RewriteRule ^folder/?$ - [F]

If your htaccess is in the folder that you are going to forbid , change RewriteRule's pattern from ^folder/?$ to ^$ .