Htaccess: Prevent Directory Listing
.htaccess: Introduction | Site error documents | Prevent Directory Listing | Redirect | Preventing hot linking | |
.htaccess - Apache directory-level configuration file |
Prevent Folder (Directory) listing
Sometimes I use the term folder and at other times directory; these are interchangeable and mean the same thing, so forgive me when I do this.
If you have read the Site error documents page, you will have created a folder named error. Type the following into your browser address bar: http://localhost/errors/ and you will be greeted with a full listing of its content (folders and files).
Try it on any folder that does not contain one of the following pages:
- index.html, index.shtml, index.html.var
- index.htm, index.php3, index.php
- index.pl, index.cgi
and you will receive a listing of its contents, as would anyone on the internet.
This may not be a desirable response. The following shows you how to prevent this listing.
.htaccess commands
There is only a single command to learn:
Command | Comment |
---|---|
IndexIgnore * |
This prevents listing of all the files; the * is a wildcard that matches all files |
IndexIgnore *.gif *.jpg |
You can be selective and state the file types you do not want listed. Again the wildcard matches all files; in this example all gif and jpg image files are targeted and will not be displayed, while all others will be displayed. |
Personalise index page listings
If you are not going to prevent folder listings, consider personalising the page displayed.
You can personalise the index pages listed by adding a header and footer. This requires either one of two files placed in the folder with the .htaccess file as follows:
File name | Comment |
---|---|
HEADER.html |
This is just a text file containing something like this: <h1>Power of .htaccess</h1> Note: You can insert any regular HTML tag. These are not complete HTML pages, just snippets that are included. |
README.html |
Again this is a text file that uses any regular HTML tag, for example: <h1>More Power of .htaccess</h1>''' Note: You can insert any regular HTML tag. These are not complete HTML pages, just snippets that are included. |