1

I haven't uploaded index.html or index.php to my root directory. How can I prevent people from looking at a listing of files in parent directory?

<>

Also, is it possible for people to obtain a list of all the files in the root directory once I upload index.html?

I'm currently using .htaccess and htusers to prompt someone to enter a username and password when they try to access any file in the root directory.

This may sound like a weird request but would it be possible to have them come to the site (without an index.html) and just have them not see the files? All it would say on the page would be the following:

Index of/

Apache Server at mysite.com Port 80

HopelessN00b
  • 53,795
  • 33
  • 135
  • 209
user784637
  • 1,542
  • 7
  • 35
  • 52

3 Answers3

3

Add this to your .htaccess:

Options -Indexes

it will show an "Forbidden 403" Error when a user tries to access the page.
Also after you have uploaded an proper index.html the users won't be able to get the listing.
It is still good practice to keep the -Indexes Option in it if you don't want ever to show the list, in case for example of a misconfiguration or you moved the index.html away by accident.

faker
  • 17,496
  • 2
  • 60
  • 70
2

Use Options -Indexes to turn off auto-generation of indexes.

AlexD
  • 8,747
  • 2
  • 29
  • 38
0

In addition to AlexD's answer, you can try putting in .htaccess:

IndexIgnore *.csv

for specific file extensions.

More help is available at http://httpd.apache.org/docs/current/howto/htaccess.html

galo
  • 153
  • 4