Disable Directory Browsing
By default, Apache allows your visitors to browse through a directory if it does not have an index file. You can turn this off as follows:
- Open your .htaccess file
- Look for Options Indexes
- If Options Indexes exists, change it to Options -Indexes; otherwise, add Options -Indexes as a new line
Changing the index file name
The index file is the file that gets displayed automatically when a user browses to a directory. Historically, the index file is called index.html or index.htm. On a PHP-powered site, you may want your index file to be named index.php. This can be accomplished by putting the following line in your .htaccess file:
DirectoryIndex index.php index.html
The directive above instructs Apache to use index.php as the index file if it exists, otherwise it should look for a file named index.html. If neither file exists in the requested directory, the user will usually get a directory listing.
Denying access to a directory
Sometimes, there may be directories on your website that the user shouldn’t be able to directly request files from. For example, you may have a directory that stores data files for your scripts, or a set of PHP includes. Placing the lines below in the .htaccess file for that directory will block direct requests for those files:
Order Deny,Allow
Deny from all
The first line ensures that the deny directive is evaluated before any allow directives that may have been defined elsewhere in the directory hierarchy.
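To check a site for directories that would still be listed after applying the three settings above, the following added example (not part of the original page) walks a document root and applies a simplified model of .htaccess inheritance for Options, DirectoryIndex and Deny from all. The function names, the assumed server defaults (Indexes on, index.html as the only index file) and the sample tree are assumptions for illustration; the model ignores the main server configuration and AllowOverride, and it also treats the Apache 2.4 form Require all denied as a deny.

```python
import os
import tempfile

def parse_htaccess(path, state):
    """Apply the directives of one .htaccess file to a copy of the inherited state."""
    state = dict(state)
    with open(path, encoding="utf-8", errors="replace") as fh:
        for raw in filter(str.strip, fh):            # skip blank lines; comments match nothing
            tokens = raw.split()
            name, args = tokens[0].lower(), [t.lower() for t in tokens[1:]]
            if name == "options" and all(a[0] in "+-" for a in args):
                for a in args:                       # relative form: +Indexes / -Indexes
                    state["indexes"] = {"+indexes": True, "-indexes": False}.get(a, state["indexes"])
            elif name == "options":                  # absolute form replaces the option set
                state["indexes"] = "indexes" in args or "all" in args
            elif name == "directoryindex":
                state["index_files"] = [] if "disabled" in args else tokens[1:]
            elif (name, args) in (("deny", ["from", "all"]), ("require", ["all", "denied"])):
                state["denied"] = True
    return state

def listable_dirs(path, state=None):
    """Directories under path that would be listed; defaults below are assumptions."""
    state = state or {"indexes": True, "index_files": ["index.html"], "denied": False}
    htaccess = os.path.join(path, ".htaccess")
    if os.path.isfile(htaccess):
        state = parse_htaccess(htaccess, state)
    has_index = any(os.path.isfile(os.path.join(path, f)) for f in state["index_files"])
    found = [path] if state["indexes"] and not state["denied"] and not has_index else []
    for entry in sorted(os.scandir(path), key=lambda e: e.name):
        if entry.is_dir(follow_symlinks=False):
            found.extend(listable_dirs(entry.path, state))
    return found

def demo():
    files = {  # constructed sample site, not taken from the page
        ".htaccess": "DirectoryIndex index.php index.html\n",
        "index.php": "",
        "uploads/a.txt": "",                         # no index file, Indexes inherited
        "includes/.htaccess": "Order Deny,Allow\nDeny from all\n",
        "static/.htaccess": "Options -Indexes\n",
        "static/img/logo.png": "",                   # inherits -Indexes from static/
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in files.items():
            os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
            with open(os.path.join(root, rel), "w") as fh:
                fh.write(body)
        return [os.path.relpath(d, root) for d in listable_dirs(root)]
```

Calling demo() returns only the uploads directory: it has no index file and nothing in its hierarchy turns Indexes off. On a real site, call listable_dirs() on the document root.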