Prevent Directory Listing using .htaccess

What is directory listing ?

As we know, most of the website contains “images” folder inside the root folder. If we type “www.somesite.com/images” in the browser and it shows the listing of the files in the browser like the picture below which means that directory listing is allowed on that web server. It’s better not to show the files inside the directory of the web sever for the security purpose.

prevent directory listing using htaccess

Why and what is prevent directory listing ?
Most of the web server are configured in such a way that it doesn’t show the listing of the directory but some of them are not.In some cases, you don’t want to allow users to view the files of the particular directry in such a direct way and prevent the listing of that directory.

How to prevent directory listing ?

Put the any one of following code into the .htaccess file

Options -Indexes
or
IndexIgnore *

If you place that .htaccess file in the root folder then direcotry listing is prevented of the sub-folder as well. And if you place the .htaccess file inside the “images” folder then directory listing are prevented of that particular directory only.

Let’s suppose that you don’t want to list “.jpp , .gif and .zip” and you don’t care about listing other files of that directory then you can out the following code inside .htaccess.

IndexIgnore *.gif *.jpg *.zip

Finally, If your server is setup with preventing directory listing then you can add the following code in the .htaccess file to allow the directory listing.

Options +Indexes

15 thoughts on “Prevent Directory Listing using .htaccess

  1. Praveen

    Hi Roshan,
    Thanks for this nice article. I have tried ur example but it is not working. Could you tell me how to create and use .htaccess file.

    Plz help me
    Thanks in advance

  2. put Options -Indexes in .htaccess and it should work….but overriding should be allowed in httpd.conf file..

  3. propediotika

    Hi, thanks for this tip.

  4. Its works for me….

    Thanks roshan,

  5. hi.. this is a very useful article

    thank you dude.

  6. Hardik

    Hi Roshan

    Such a Nice atricle. Thanks for the sharing some useful info.

  7. Thanks! so much useful

  8. Alok

    Thanx alot

  9. Hmm.. now this i don’t see everyday on the net.And somehow… this gets to be usefull.

  10. hardik

    Hello roshan

    i have put htaccess file in root directory so in all directory htaccess rules apply

    but i got probs in my fackediotor directory so how i remove this direct frm htaccess rules

    can u give me solutions plz?

    waiting reply

    hardik

  11. wendy

    Hi Roshan,

    This is such a nice and useful article. It works for me.

    Thanks a lot.

  12. Neeraj

    Hi All ,
    I used Options -Indexes in .htaccess

    when i hit the url like http://www.domain.com/js Then i get forbidden permission page (that is ok)
    But when i use hit the url http://www.domain.com/js/demo.js then js file code is displayed at the broweser

    is it possible to prevent the access of viewing the js or any other file (jpg,png) etc if url enter the complete path

  13. pankaj

    Hi Roshan,

    it’s work awesome but tell me one if i don’t want to display forbidden i need to show own blog or whatever i will show there when i will type any folder name like images or css or js then that time show any page when i have make that page how could i do this? please help me asap
    warm regards
    pankaj

Leave a Reply

Your email address will not be published. Required fields are marked *

*

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>