Have you ever visited a site and noticed a listing of all the files instead of the actual HTML on the site (like how it is in the screenshot below)? This is owing to a server setting which displays the directory listing in the absence of an index page. What this means is that if a visitor types the path of a certain directory (e.g. http://example.com/mydir) on a browser window, he can view its contents. That can be dangerous, as it gives a malicious visitor to explore the inner workings of your site. While security by obscurity is generally frowned upon, it is best to hide as much info as possible. The less the hacker knows about you, the less likely he will be able to attack you.

directory browsing

The good news is that this be easily prevented by adding a line to the htaccess file. To disable directory browsing using htaccess, open your htaccess file using a text editor and look for Options Indexes. If it exists modify it to the following, if not add it as a new line.

Options All –Indexes

Save the htaccess file and you’ve successfully disabled directory browsing on your site. A 500 error page will now be displayed whenever a user tries to list the contents of any directory on your site.

disable directory browsing