This is one way of protect Website files, Directories and images by hacking.If we have disabled listing files, nobody can able to view your potentially sensitive web site files on webpage. If directories listing is not secured it will allow users to access information very easily Therefore they can investigate the web server and hacking the website.
Disable directory listing:
If you want to disable the directory listing on browser, create a .htaccess under your website root directory or if the file is already existing open it and add the below text lineOptions - Indexes
Enable directory listing :
To Enable the directory listing on browser just open the same file and replace “Options +Indexes” line instead of Options –Indexes.Options +Indexes (or)
IndexIgnore *
IndexIgnore *
Disable files with specific extension:
Ignore listing files on browser at certain file extension, it will be done by IndexIgnore, I have decided will not listing file formats are .gif, .txt, .gar.gz.IndexIgnore *.gif *.txt *.tar.gz
Disable directory browsing using httpd.conf:
My suggestion is that we have to configure in server end to get more secure will effect all VirtualHost, If you are using apache web server you can easily disable the listing directory by httpd.conf file. If apache server installed under the /usr/local/ open the httpd.conf file under conf directory like,# cd /usr/local/apache/conf/
# vim httpd.conf
# vim httpd.conf
Like, Options ExecCGI FollowSymLinks Indexes IncludesNOEXEC SymLinksIfOwnerMatch then remove word Indexes and save the file after changes,
<Directory "/usr/local/apache/htdocs">
Options ExecCGI FollowSymLinks IncludesNOEXEC SymLinksIfOwnerMatch
AllowOverride All
…
</Directory>
Options ExecCGI FollowSymLinks IncludesNOEXEC SymLinksIfOwnerMatch
AllowOverride All
…
</Directory>
Finally, restart the apache server
# /etc/init.d/httpd restart
Stopping httpd: [ OK ]
Starting httpd: [ OK ]
Stopping httpd: [ OK ]
Starting httpd: [ OK ]
The directory browsing feature should be disabled.
Comments (0)