How to disable directory browsing in apache configuration?

One of the “must do’s” on setting a secure apache web server is to disable directory browsing.

Usually apache comes with this feature enabled but its always a good idea to get it disabled unless you really need it.

First of all find where is the main apache’s config file httpd.conf is located.

Usually it will be located in path like this: /etc/apache/httpd.conf.
To edit this file you will need root access to your server.

Using some file editor like Vim or Nano open this file and find the line that looks as follows:

Options Includes Indexes FollowSymLinks MultiViews

then remove word Indexes and save the file. The line should look like this one:

Options Includes FollowSymLinks MultiViews

After it is done, restart apache (e.g. /etc/init.d/apache restart).

That’s it!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s