Disable Indexes using .htaccess
Posted in Apache | By LGR | On October 5th, 2007
I have several personal websites on a shared server where indexes are turned on by default in Apache. That is simply annoying, because I hate having stray empty index.html files sitting all over the place. I suppose I could just leave the indexes on but I dislike the idea of anyone in the world being able to just peek into folders, even if it is unlikely they will find anything very interesting, you just never know. They might have some hole into the system. Anyways, if you are like me the easiest way of getting rid of indexes is using one line in an .htaccess file in the root folder:
Options -Indexes
Now if a folder does not have an index.html file the server will respond with a 404 file not found error and send people your error page. Amazing how that one simple line can save time and keep you from having to go and create index.html files in all those folders you don’t want people poking around in.
If you are still wondering why you would want to do this take a read through this post titled “Find almost any kind of Ebook or File Online” over at Earners Blog. One line in the .htaccess file stops that from happening.
Similar Posts:
- Custom 404 Page using .htaccess
- Process .html as PHP
- 5 WordPress Security Essentials
- Tell the Robots Where Not to Go
- Blogger Label List for FTP Published Blogs
- Using .htaccess to Block Comment Spam
- Htaccess Tools
- WWW or Not: That is the Question?
- RSS Feed Scraper
- Use .htaccess to Block a Country
thank you for sharing this tip. I’ve placed it in my .htaccess file and it appears to be working!
[...] the place and keeps people from snooping in other folders as well. I talk about it on my blog here: Disable Indexes using .htaccess var sz_comment_data_array = [];sz_comment_data_array[0]= {comment_id:”1805″, comment_author:”LGR”, [...]
Jeffro,
No problem. It is much easier and faster and you don’t have to worry about missing a folder.
hi LGR.. I just saw your comment on Alltipsandtricks and am right now trying to make this work! I opened .htaccess file in edit mode and am getting a warning displayed in bold red up top saying ‘you am not using utf-8l language file, you should not save utf-8 data or you will get corrupted results.” then there is a link for changing your language file.. clicking on that gives a drop down menu where English utf-8 is listed! Are you aware of this at all? I am right now using English is the current language! any insight would be appreciated!! thanks!
Oh and I placed an index.html file in the plugins folder and I am still able to see the plugins!! and unfortunately I am not able to change the CHMOD permissions of the folder either!
[...] of our loyal readers, LGR, pointed to a third solution, which is by far the most elegant of all: Disable Indexes using .htaccess. Add a line to your .htaccess file: Option -Indexes, thus preventing browsing folders which [...]
Thanks mate! Works like a charm.
Is there a way to specify what page to redirect to if there is a 404? Currently it’s displaying one created by my web hosting company, which I would prefer to get rid of.
Cheers!
[...] posted a good question on my earlier post on how to Disable Indexes using .htaccess. Is there a way to specify what page to redirect to if there is a 404? Currently it’s displaying [...]
Oh, because Index.html wasn’t doing anything, I thought of adding Options -indexes in .htaccess – if I were to add it to .htaccess, do I add it at the top of the entire code?
and thanks .. I’ll fix the Index to index now… AND also do the Options -Indexes I think this sounds better!
pearl,
Well that is a new one for me. What are you using to edit the file?
I peeked in your folder. Rename Index.html to index.html. On Linux Index.html is not the same as index.html.
Mike,
Good question. I thought I would answer it in a new post. Custom 404 Page using .htaccess.
Hope that helps.
Turning off indexes is a much better solution. You don’t end up with a bunch of stray empty index.html files, attempts to access folders are logged so you can see who is trying to poke around and it really is easy to implement. Hope it works for you.