How To Deny Directory Listing Using .htaccess?

Published September 14, 2024

Problem: Unwanted Directory Listing

Directory listing can show sensitive information and create security risks. When a web server shows the contents of a directory, it may reveal files and folder structures that should be hidden from public view.

Solution: Using .htaccess to Deny Directory Listing

Creating a .htaccess File

To stop directory listing, you can create a .htaccess file in the /public_html/Davood/ folder. The .htaccess file is a per-directory configuration file for Apache web servers. It lets you change the server configuration for each directory.

To create the file:

  1. Access your server using FTP or a file manager
  2. Go to the /public_html/Davood/ directory
  3. Create a new file named ".htaccess" (with the leading dot)

Name the file exactly ".htaccess", without any file extension.

Tip: Hidden File Visibility

Some systems hide files starting with a dot by default. If you can't see the .htaccess file after creating it, you may need to enable 'Show Hidden Files' in your file manager or FTP client settings.

Adding the Directive to Deny Directory Listing

After you've created the .htaccess file, add this line to it:

Options -Indexes

This directive tells Apache to turn off directory listing for the current directory and its subdirectories. The "-Indexes" option stops Apache from generating a directory listing when there's no index file (like index.html or index.php) in a directory.

Applying the Rule to Subfolders

The rules in a .htaccess file apply to its directory and all subdirectories. This means putting the .htaccess file in /public_html/Davood/ will protect all folders within Davood, including Test1, Test1/Test, Test2, and any other subfolders.

This inheritance makes it easy to protect many directories with one .htaccess file. You don't need to create separate .htaccess files for each subfolder.

To protect all subdirectories:

  1. Put the .htaccess file in the top directory you want to protect (/public_html/Davood/ in this case)
  2. Include the "Options -Indexes" directive in the file
  3. Save the file

This setup will stop directory listing for /public_html/Davood/ and all its subfolders, giving a simple fix to the problem.

Example: Overriding .htaccess Rules

If you want to allow directory listing for a specific subfolder while keeping it disabled for others, you can create another .htaccess file in that subfolder with the following content:

Options +Indexes

This will override the parent directory's setting and enable directory listing for this specific subfolder. Because .htaccess rules are inherited, the override also applies to any folders below it.
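The inheritance and override rules described above can be audited on disk before you test in a browser. The following is an added example, not code from the original article: it walks a document root, resolves the effective Indexes setting for each folder from its .htaccess files, and lists the folders that would still get an auto-generated listing. It assumes that AllowOverride permits Options everywhere, that server_default reflects the main server configuration, that INDEX_NAMES matches your DirectoryIndex setting, and it reads only plain Options lines.

```python
import os
import tempfile
from pathlib import Path

INDEX_NAMES = ("index.html", "index.php")  # assumption: the server's DirectoryIndex names

def apply_htaccess(path, enabled):
    """Return the Indexes state after the Options lines of one .htaccess file."""
    try:
        lines = Path(path).read_text(errors="replace").splitlines()
    except OSError:
        return enabled                      # no .htaccess here: inherit from the parent
    for line in lines:
        tokens = line.split()
        if not tokens or tokens[0].lower() != "options":
            continue                        # comment lines and other directives
        opts = [t.lower() for t in tokens[1:]]
        if all(o[0] in "+-" for o in opts):
            for o in opts:                  # signed options merge with the inherited set
                if o[1:] in ("indexes", "all"):
                    enabled = o[0] == "+"
        else:                               # unsigned options replace the inherited set
            enabled = "indexes" in opts or "all" in opts
    return enabled

def exposed_dirs(root, server_default=True):
    """List folders under root (relative paths) that would show a directory listing."""
    found = []
    def walk(d, enabled):
        enabled = apply_htaccess(os.path.join(d, ".htaccess"), enabled)
        if enabled and not any(os.path.isfile(os.path.join(d, n)) for n in INDEX_NAMES):
            found.append(os.path.relpath(d, root).replace(os.sep, "/"))
        for e in sorted(os.scandir(d), key=lambda e: e.name):
            if e.is_dir(follow_symlinks=False):
                walk(e.path, enabled)
    walk(root, server_default)
    return found

def demo():
    """Constructed tree mirroring the article: a root with Test1, Test1/Test and Test2."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "Test1" / "Test").mkdir(parents=True)
        (root / "Test2").mkdir()
        before = exposed_dirs(root)                      # no .htaccess anywhere
        (root / ".htaccess").write_text("Options -Indexes\n")
        after = exposed_dirs(root)                       # one file covers every subfolder
        (root / "Test2" / ".htaccess").write_text("Options +Indexes\n")
        return before, after, exposed_dirs(root)         # Test2 re-enables listing
```

On a real site, call exposed_dirs() with the path to the folder you want to audit; an empty list means no folder in that tree would be listed.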

Verifying the Directory Listing Prevention

After setting up the .htaccess file to prevent directory listing, check if the configuration works correctly. Here's how to test and what to expect:

Testing the configuration:

  • Open a web browser and enter the URL of a directory without an index file. Example: http://yourdomain.com/Davood/Test1/

  • Access different subdirectories to make sure the rule applies to all of them.

  • Test from a different device or network to confirm the changes are not just cached on your local machine.

Tip: Use Incognito Mode

When testing your directory listing prevention, use your browser's incognito or private browsing mode. This helps avoid cached content and provides a more accurate test of your server's response.

Expected behavior when accessing directories:

  • Instead of seeing a list of files and folders, you should get a "403 Forbidden" error or a similar message.

  • The error message may vary depending on your server configuration, but it should indicate that access is not allowed.

  • If you have a custom error page set up, it might show instead of the default error message.

  • Accessing files directly by their full URL should still work, if the user has the correct permissions. Disabling the listing hides the file names; it does not restrict access to the files themselves.

If you still see directory listings after setting up the .htaccess file, try these steps:

  • Check if the .htaccess file is in the correct location (/public_html/Davood/).

  • Make sure the file permissions allow the web server to read the .htaccess file.

  • Confirm that your Apache configuration allows .htaccess files to override settings (the AllowOverride directive for this directory must permit Options).

  • Clear your browser cache and try again.

By following these steps, you can confirm that your directory listing prevention is working as intended, adding security to your web server.