Htaccess: Prevent Directory Listing

From The Uniform Server Wiki
Revision as of 13:53, 9 September 2011 by BobS (talk | contribs) (Punctuation and grammatical changes; some clarification.)
Jump to navigation Jump to search

MPG UniCenter

.htaccess: Introduction | Site error documents | Prevent Directory Listing | Redirect | Preventing hot linking |

.htaccess - Apache directory-level configuration file

Prevent Folder (Directory) listing

Sometimes I use the term folder and at other times directory; these are interchangeable and mean the same thing, so forgive me when I do this.

If you have read the [Htaccess: Site error documents | site error documents page]] you will have created a folder named error. Type the following into your browser address bar: http://localhost/errors/ and you will be greeted with a full listing of its content (folders and files).

Try it on any folder that does not contain one of the following pages:

  • index.html, index.shtml, index.html.var
  • index.htm, index.php3, index.php
  • index.pl, index.cgi

and you will receive a listing of its contents, as would anyone on the internet.

You may not find this a desirable response. This page shows you how to prevent this listing.

htaccess commands

There is only a single command to learn:

Command Comment

IndexIgnore *

This prevents listing of all the files; the * is a wildcard that matches all files

IndexIgnore *.gif *.jpg 

You can be selective and state the file types you do not want listed. Again the wildcard matches all files; in this example all gif and jpg image files are targeted and will not be displayed, while all others will be displayed.

Personalise index page listings

If you are not going to prevent folder listings, consider personalising the page displayed.

You can personalise the index pages listed by adding a header and footer. This requires either one of two files placed in the folder with the .htaccess file as follows:

File name Comment

HEADER.html

This is just a text file containing something like this:

<h1>Power of .htaccess</h1>

Note: You can insert any regular HTML tag. These are not complete HTML pages, just snippets that are included.

README.html

Again this is a text file that uses any regular HTML tag, for example:

<h1>More Power of htaccess</h1>'''
<p>Why the name README and not FOOTER, I have no idea</p>

Note: You can insert any regular HTML tag. These are not complete HTML pages, just snippets that are included.