MDLog:/sysadmin

The Journal Of A Linux Sysadmin

• Home
• Most Popular
• Contact
• About
• Forum

Apache Tips & Tricks: Disable directory indexes

Applies: apache 1.3.x / apache 2.0.x
Required apache module: core/-mod_autoindex
Scope: global server configuration, virtual host, directory, .htaccess
Type: security

Description: How to disable directory indexes.
Useful: to prevent the server from showing a listing of the existing files in case there is no index (as defined by DirectoryIndex) in one folder. In my opinion if you need this enabled then you should enable it only on some particular directory where you need it and disable it server wide. Also it might be useful that in the places you have it enabled to hide any files that need to be private as shown in my previous tip: “Hide a file type from directory indexes“.

Options - Indexes

The Options directive is the place where you can enable or disable the index generation. This is set by default to ALL (meaning that it will turn ON also Indexes), but normally you will see this overwritten by each distribution either globally or inside the default vhost definition.

As I said previously my approach is to start by disabling directory indexes globally. This is done in the main server config, by adding the Options directive (or only adding to it the -Indexes part in case you have other global options defined):

Options -Indexes

Now as long as you will not overwrite this inside any directory or vhost it will disable the generation of directory indexes. Your root directory may look like this for example:

<Directory />
    Options FollowSymLinks
    AllowOverride None
</Directory>

the important thing is to not include the addition of Indexes. As long as you have AllowOverride None it will prevent any accidental changes done in .htaccess files.

If you want to enable indexes generation on some particular directory or vhost just add the Indexes option:

<Directory /www/somefolder>
    Options Indexes FollowSymLinks
    AllowOverride None
</Directory>

and this will enable only in that folder the generation of indexes. In this case, you might want to prevent the listing of some file types as seen in my previous post: “Hide a file type from directory indexes“.

Go to:
Main page of all my Apache Tips & Tricks

Share This

Random Posts

• Install MySQL 5.0.51a from the binary tar.gz package
• EnGarde Secure Community 3.0.18 Released
• Current issues in the Debian and Ubuntu relationship
• Using the Bcfg2 SSHbase plugin
• xargs: unmatched single quote
• 200609 Poll Results: Who is managing your Linux server/s?
• MySQL 5.1 Release Candidate by the end of September!
• Install MC (Midnight Commander) on RHEL3/Centos3
• Digg Story Button on your site
• What is your favorite Linux distribution?

Posted in Tips & Tricks | by - Marius -
You can leave a response, or trackback from your own site.

4 Responses to “Apache Tips & Tricks: Disable directory indexes”

• 1
  Jeremy
  1st September 2007, 00:13

  Worked like a charm and taught me yet another thing. Thanks for taking the time to write this.
• 2
  Dedicated
  22nd September 2007, 15:06

  Great post ! It is really very helpful
• 3
  BrianMurray
  25th June 2008, 08:15

  Worked a treat when I figured that httpd.conf was overriding the .htaccess.

  There was already a section in httpd.conf for /opt/www and this had: Options Indexes FollowSymLinks

  I changed this to Options -Indexes FollowSymLinks, restarted apache, and hey presto, the beautiful “Forbidden” message comes up.

  Thanks once again for your prompt assistance.

  Regards,

  Brian.
• 4
  Erik
  4th September 2008, 06:55

  Cant get it to work, I’ve done this a houndet of times but CetOS sucks..Everything is a mess with that dist.

Leave a Reply

Name (required) Mail (will not be published) (required) Website

Notify me of followup comments via e-mail

© 2006-2008 MDLog:/sysadmin | Powered by WordPress.

Close

• Social Web
• E-mail