deny directory listing with htaccess

Options -Indexes should work to prevent directory listings.

If you are using a .htaccess file make sure you have at least the "allowoverride options" setting in your main apache config file.

For showing Forbidden error then include these lines in your .htaccess file:

Options -Indexes

If we want to index our files and showing them with some information, then use:

IndexOptions -FancyIndexing

If we want for some particular extension not to show, then:

IndexIgnore *.zip *.css

Try adding this to the .htaccess file in that directory.

Options -Indexes

This has more information.

If Options -Indexes does not work as Bryan Drewery suggested, you could write a recursive method to create blank index.php files.

Place this inside of your base folder you wish to protect, you can name it whatever (I would recommend index.php)

<?php

recurse(".");

function recurse($path){
    foreach(scandir($path) as $o){
        if($o != "." && $o != ".."){
            $full = $path . "/" . $o;
            if(is_dir($full)){
                if(!file_exists($full . "/index.php")){
                    file_put_contents($full . "/index.php", "");
                }
                recurse($full);
            }
        }
    }
}

?>

These blank index.php files can be easily deleted or overwritten, and they'll keep your directories from being listable.

deny directory listing with htaccess

Tags:

Apache

.Htaccess

Related

Recent Posts