Turn Off Directory Browsing

Tags:

Apache

For security, you might wish to turn off the directory browsing capability on your Apache server. By doing so, you prevent users from browsing the directory structure in your web docs.

My basic httpd.conf had this entry:

<Directory "/u01/app/apache/htdocs">
    Options Indexes FollowSymLinks
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>

which allows the user to browse the directory structure.

to turn directory browsing off, I added a "-" in front of Indexes after Options.

<Directory "/u01/app/apache/htdocs">
    Options -Indexes FollowSymLinks
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>

and now the user receives a '403 forbidden' error when attempting to browse the directory structure.

Add new comment
12524 reads

Turn Off Directory Browsing

topics