{"id":10505,"date":"2023-12-13T04:41:43","date_gmt":"2023-12-13T04:41:43","guid":{"rendered":"https:\/\/youstable.com\/blog\/?post_type=manual_kb&#038;p=10505"},"modified":"2025-11-22T04:48:10","modified_gmt":"2025-11-22T04:48:10","slug":"disable-directory-browsing-listing-using-htaccess","status":"publish","type":"post","link":"https:\/\/www.youstable.com\/blog\/disable-directory-browsing-listing-using-htaccess","title":{"rendered":"How to Disable Directory Browsing\/Listing using .htaccess?"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"what-is-directory-browsing-or-listing\"><strong>What is Directory Browsing or Listing?<\/strong><\/h2>\n\n\n\n<p>This feature allows users to view the contents of a directory on a web server through a web browser.&nbsp;<\/p>\n\n\n\n<figure class=\"wp-block-image aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"520\" height=\"212\" src=\"https:\/\/youstable.com\/blog\/wp-content\/uploads\/2023\/09\/Disable-Directory-Listing.png\" alt=\"Disable Directory Listing\" class=\"wp-image-10510\" srcset=\"https:\/\/www.youstable.com\/blog\/wp-content\/uploads\/2023\/09\/Disable-Directory-Listing.png 520w, https:\/\/www.youstable.com\/blog\/wp-content\/uploads\/2023\/09\/Disable-Directory-Listing-150x61.png 150w\" sizes=\"auto, (max-width: 520px) 100vw, 520px\" \/><\/figure>\n\n\n\n<p>When a web server is configured to allow directory browsing, it means that if a user enters the URL of a directory (e.g., http:\/\/example.com\/directory\/), the server will generate a web page displaying the list of files and subdirectories contained within that directory.<\/p>\n\n\n\n<p>In Control Panels <em>like cPanel, DirectAdmin<\/em> this feature is enabled by default so you don\u2019t to use it you should considering disabling it manually.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"why-we-should-disable-directory-listing\"><strong>Why we should Disable Directory Listing?<\/strong><\/h2>\n\n\n\n<p>Directory listing can expose the internal file system paths of your server. This information can be used by attackers to better understand your server&#8217;s structure and potentially identify other vulnerabilities to exploit.<\/p>\n\n\n\n<p>Once attackers got to know whats inside of your hosting account they may attack you with various methods such as&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Brute Force<\/li>\n\n\n\n<li>Exposing Vulnerable Scripts<\/li>\n\n\n\n<li>Phishing and Malware<\/li>\n\n\n\n<li>And many others<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" class=\"wp-block-heading\" id=\"disable-directory-browsing-listing-using-htaccess\">Disable Directory Browsing\/Listing using .htaccess<\/h2>\n\n\n\n<p>This method will work for almost all the control panels based on Apache, LiteSpeed, OpenLiteSpeed etc, even if you are using simple LAMP, LOMP this method will work for you without any issue by changing simple rules.<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li><a href=\"https:\/\/youstable.com\/blog\/knowledgebase\/how-to-login-into-cpanel\/\" target=\"_blank\" rel=\"noreferrer noopener\">Login to your Control Panel<\/a> (Or Server for LAMP users)<\/li>\n\n\n\n<li>Locate Public_html directory<\/li>\n\n\n\n<li>Unhide <em>.htaccess<\/em> file clicking on <strong>Settings <\/strong>> <strong>Show Hidden Files<\/strong><em> (FTP Doesn\u2019t required)<\/em><\/li>\n<\/ol>\n\n\n\n<figure class=\"wp-block-image aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1252\" height=\"398\" src=\"https:\/\/youstable.com\/blog\/wp-content\/uploads\/2023\/09\/Disable-Directory-Browsing.png\" alt=\"Disable Directory Browsing\" class=\"wp-image-10507\" srcset=\"https:\/\/www.youstable.com\/blog\/wp-content\/uploads\/2023\/09\/Disable-Directory-Browsing.png 1252w, https:\/\/www.youstable.com\/blog\/wp-content\/uploads\/2023\/09\/Disable-Directory-Browsing-768x244.png 768w, https:\/\/www.youstable.com\/blog\/wp-content\/uploads\/2023\/09\/Disable-Directory-Browsing-150x48.png 150w\" sizes=\"auto, (max-width: 1252px) 100vw, 1252px\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1026\" height=\"284\" src=\"https:\/\/youstable.com\/blog\/wp-content\/uploads\/2023\/09\/Disable-Directory-Browsing-1.png\" alt=\"Disable Directory Browsing 1\" class=\"wp-image-10509\" srcset=\"https:\/\/www.youstable.com\/blog\/wp-content\/uploads\/2023\/09\/Disable-Directory-Browsing-1.png 1026w, https:\/\/www.youstable.com\/blog\/wp-content\/uploads\/2023\/09\/Disable-Directory-Browsing-1-768x213.png 768w, https:\/\/www.youstable.com\/blog\/wp-content\/uploads\/2023\/09\/Disable-Directory-Browsing-1-150x42.png 150w\" sizes=\"auto, (max-width: 1026px) 100vw, 1026px\" \/><\/figure>\n\n\n\n<ol class=\"wp-block-list\" start=\"4\">\n<li>Create<strong>\/Edit .htaccess<\/strong> file<\/li>\n\n\n\n<li>Add this line on top<\/li>\n<\/ol>\n\n\n\n<pre class=\"wp-block-code\"><code><strong>Options +Indexes<\/strong><\/code><\/pre>\n\n\n\n<ol class=\"wp-block-list\" start=\"6\">\n<li>Now <strong>Save Change<\/strong> and <strong>Close<\/strong>&nbsp;<\/li>\n<\/ol>\n\n\n\n<p>You have successfully disabled Directory Browing for your website just to confirm you can try to access any directory in your browser it suppose to Forbid you.&nbsp;<\/p>\n\n\n\n<figure class=\"wp-block-image aligncenter size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"499\" height=\"130\" src=\"https:\/\/youstable.com\/blog\/wp-content\/uploads\/2023\/09\/Disable-Directory-Browsing-2.jpg\" alt=\"Disable Directory Browsing 2\" class=\"wp-image-10508\" srcset=\"https:\/\/www.youstable.com\/blog\/wp-content\/uploads\/2023\/09\/Disable-Directory-Browsing-2.jpg 499w, https:\/\/www.youstable.com\/blog\/wp-content\/uploads\/2023\/09\/Disable-Directory-Browsing-2-150x39.jpg 150w\" sizes=\"auto, (max-width: 499px) 100vw, 499px\" \/><\/figure>\n","protected":false},"excerpt":{"rendered":"<p>What is Directory Browsing or Listing? This feature allows users to view the contents of a directory on a web [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":10512,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[],"tags":[],"class_list":["post-10505","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry"],"acf":[],"featured_image_src":"https:\/\/www.youstable.com\/blog\/wp-content\/uploads\/2023\/09\/how-to-Disable-Directory-BrowsingListing-using-htaccess.jpg","author_info":{"display_name":"YouStable","author_link":"https:\/\/www.youstable.com\/blog\/author\/youstable"},"_links":{"self":[{"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/posts\/10505","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/comments?post=10505"}],"version-history":[{"count":2,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/posts\/10505\/revisions"}],"predecessor-version":[{"id":13884,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/posts\/10505\/revisions\/13884"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/media\/10512"}],"wp:attachment":[{"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/media?parent=10505"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/categories?post=10505"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.youstable.com\/blog\/wp-json\/wp\/v2\/tags?post=10505"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}