Turn Off Directory Browsing
August 7, 2007 – 5:39 pmTip courtesy of Kyle Reynolds at http://www.camelrichard.org
For security, you might wish to turn off the directory browsing capability on your Apache server. By doing so, you prevent users from browsing the directory structure in your web docs.
My basic httpd.conf had this entry:
<Directory "/u01/app/apache/htdocs"> Options Indexes FollowSymLinks AllowOverride None Order allow,deny Allow from all </Directory>
which allows the user to browse the directory structure.
to turn directory browsing off, I added a “-” in front of Indexes after Options.
<Directory "/u01/app/apache/htdocs"> Options -Indexes FollowSymLinks AllowOverride None Order allow,deny Allow from all </Directory>
and now the user receives a ‘403 forbidden’ error when attempting to browse the directory structure.