Ratings, reviews, plans and features to help you find the right web hosting provider for your site.

How to prevent or allow directory listing?

Web Hosting Articles » A simple guide to .htaccess » How to prevent or allow directory listing?



Having a listable directories on your site sometimes is useful. However, some times it can be considered a security issue. No, matter which option you prefer you can control this behavior of your site using 1 simple line:

Options +Indexes

The above line enables Directory listing.

Options –Indexes

The above disables directory listing for your web site.

The .htaccess file gives more then simply enabling and disabling of a directory listing.
With .htaccess file you can control which files to be ignored when creating a directory list.
For example:

IndexIgnore *.gif *.zip *.txt

Will make the apache server to skip all gif, zip and txt files from the directory list.
Convenient, isn’t it.

IndexIgnore *

Will just create an empty directory list.


  1. How to block users from accessing your site based on their IP address
  2. How to prevent or allow directory listing?
  3. How to change the error documents – 404 Page Not Found, etc
  4. Using .htaccess for password protecting your folders
  5. Using .htaccess to block referrer spam
  6. Disable Hot-Linking of images and other files
  7. Redirect URLs using .htaccess
  8. Introduction to mod_rewrite and some basic examples
  9. Force SSL/https using .htaccess and mod_rewrite
  10. 301 Permanent redirects for parked domain names
  11. Enable CGI, SSI with .htaccess
  12. How to add Mime-Types using .htaccess
  13. Change default directory page
  14. Block Bad robots, spiders, crawlers and harvesters
  15. Make PHP to work in your HTML files with .htacess
  16. Change PHP variables using .htaccess
  17. HTTP Authentication with PHP running as CGI/SuExec
  18. Force www vs non-www to avoid duplicate content on Google
  19. Duplicate content fix index.html vs / (slash only)

Comments 14 >>

Rose Marie Said,
Nov 24, 2006 @ 14:40

I need help so much. I have been having so much trouble trying to ban this one person from coming to my site and nothing works. I am at my wits end. I have used this 207.14.163.0 - 207.14.163.255 and this person is still coming on can you help me understand what I am not doing for this to happen, I have read all info in this and can not understand what I am doing wrong. Thank you so much hope to hear something ASAP to ban this person
hemant jain Said,
May 10, 2008 @ 13:07

i have siimply uploaded the file .htaccess in my server after writting the code but also it is not blocking ip address should i do somthing more to make run it properly
rahul Said,
Jun 25, 2008 @ 07:27

i have used this :

Options –Indexes

in my .htaccess file which is inside

localhost/test/includes/. and working in apache for windows 2000.

But its not working and user can see the list of files inside folder "inlcudes".
i am working in bank and currently working on localhost.
Sir/ Mam if u have any suggestion for me i will be thanksfull for this purpose.

thanks
Rahul - IT Professional
Windsor Exports Said,
Sep 09, 2008 @ 01:46

Manufacturer and Exporter of Sintered bush, Sintered bushing, Rolling bush, Oil bush, Truck part, Auto Bolts, Auto Parts, sintered bush india, Traders sintered bush.We are supplier of Fasteners, Exporter Sintered bush.
vijay kadadi Said,
Oct 06, 2008 @ 13:03

Installed /Configured the wamp5 with default settings and put the php sites and it works properly so i want to prevent the c:\wamp\www directroy listing....How..? 1>using .htaccess file ( Options –Indexes) or 2>
Mioot Said,
Jul 05, 2009 @ 22:14

I need to enable the directory index for subfolder , How can I do this via .htaccess
vince Said,
Jul 06, 2009 @ 04:31

Just create an .htaccess file in this subfolder and add there:

Options +Indexes
Aaron Said,
Jul 11, 2009 @ 01:40

thanks for the tips. I was looking for this.

Just a question, using IndexIngnore * will not affect the search engines in any way correct ?
Vince Said,
Jul 11, 2009 @ 12:45

It should not affect search engines, unless you wish to have the directory contents, as they are, indexed.
Jesus Said,
Sep 06, 2009 @ 21:26

I tried this method to disable indexes but anytime ANY page on my site is accessed I get the following error message:

Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.
Please contact the server administrator, webmaster@offensivechrist.com and inform them of the time the error occurred, and anything you might have done that may have caused the error.

More information about this error may be available in the server error log.


Additionally, a 500 Internal Server Error error was encountered while trying to use an ErrorDocument to handle the request.


--------------------------------------------------------------------------------

Apache/1.3.41 Server at offensivechrist.com Port 80
desk lancer Said,
Sep 20, 2010 @ 14:04

dont know why people saying it is not working
it works for me however first time i got error when i just copied from here and placed on .htaccess and later on i wrote it on .htaccess and was working fine so i recommend do not copy past re write it or copy it on a .txt file and then copy from txt file
and if you copy from here it will go as
Options –Indexes

remove this – and place - or +
VIS Racing Sports Said,
Jan 16, 2011 @ 15:35

I tried using this in a sub directory but it still does not allow browsing, maybe it is because the parent directory disables browsing and it propagates down to the child directories, overriding them I suppose.
a critique Said,
Feb 11, 2011 @ 01:23

Articles are very good and useful, but we also need to know that, how hackers think or find the loopholes in our websites, what should we do to prevent such loop holes.


thanks
Ashok Said,
Jan 17, 2012 @ 10:18

When i worked ist time with ".htaccess" , i got error, but after it i worked properly, this is really great, i used it in many website.
Your comments on this article

(required)

(required but never displayed)



security code



Previous: How to block users from accessing your site based on their IP address Next: How to change the error documents – 404 Page Not Found, etc