Preventing directory browsing

Posted by Michael Bloch in web development (Saturday September 23, 2006)

Take a run out to your site and enter – just the name of your images folder, nothing else afterwards except for the trailing /.

If you see a “forbidden” or 403 error message, that’s normal, but if you see a list of files, it means that your server is configured to allow for directory browsing. You’ll notice that any folder that doesn’t have a default document in place will also behave in the same way.

It’s easy to fix; here are two methods:

1) Find out what the default document name is on your server – most likely it’s index.htm or default.htm (or .html). Open up your HTML editor or even Notepad and just save the file as the default document name. Don’t add any text to the file, just leave it blank; then upload it to any folder that you’re able to browse the directory of. This can be a little time-consuming if you have many folders.

2) If your site is hosted on an Apache server, you can add *one* of the following lines to the .htaccess file in the root directory of your site:

IndexIgnore */*

or this option:

Options -Indexes

Be careful not to alter any other contents that might be in your .htaccess file.

The first option will bring up a directory listing with nothing in it; the second will return a “forbidden” 403 error.

If you don’t have a .htaccess file, you can create one in Notepad – just be sure to save it as .htaccess (note the “.” preceding the file name). If you’re not sure if your server supports .htaccess, check with your web host.
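
To find which folders still need one of the two fixes, the check below walks a local copy of a site and reports every folder that has no default document and is not covered by Options -Indexes or IndexIgnore */* in a .htaccess file at or above it. It is an added example, not part of the original article; the default-document names, the simplified .htaccess parsing and the sample folder tree are assumptions.

```python
import os
import tempfile

DEFAULT_DOCS = {"index.htm", "index.html", "default.htm", "default.html"}  # assumed names

def apply_htaccess(path, listing, hidden):
    """Update inherited (listing, hidden) state; simplified: Options/IndexIgnore only."""
    if not os.path.isfile(path):
        return listing, hidden
    with open(path, encoding="utf-8", errors="replace") as fh:
        for raw in fh:
            parts = raw.split()
            if not parts or parts[0].startswith("#"):
                continue
            name, args = parts[0].lower(), {a.lower() for a in parts[1:]}
            if name == "options" and {"-indexes", "+indexes", "indexes"} & args:
                listing = "-indexes" not in args
            elif name == "indexignore" and "*/*" in args:
                hidden = True
    return listing, hidden

def browsable_dirs(root):
    """Return the folders under root (relative paths) that would show a file list."""
    root = os.path.abspath(root)
    state, exposed = {}, []
    for dirpath, _dirs, files in os.walk(root):  # top-down: parents before children
        # Assumption: the server allows listings unless a .htaccess says otherwise.
        inherited = state.get(os.path.dirname(dirpath), (True, False))
        listing, hidden = state[dirpath] = apply_htaccess(
            os.path.join(dirpath, ".htaccess"), *inherited)
        if listing and not hidden and not DEFAULT_DOCS & set(files):
            exposed.append(os.path.relpath(dirpath, root))
    return sorted(exposed)

def build_sample_site(base):
    """Create a small constructed folder tree (sample data, not a real site)."""
    files = {"index.html": "", "images/logo.gif": "", "old/page.htm": "",
             "downloads/.htaccess": "Options -Indexes\n", "downloads/draft.zip": "",
             "downloads/v2/notes.txt": "", "blank/index.htm": ""}
    for rel, text in files.items():
        full = os.path.join(base, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w", encoding="utf-8") as fh:
            fh.write(text)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as site:
        build_sample_site(site)
        print(browsable_dirs(site))
```

Neither fix stops a direct request for a file whose address is known or guessed; both only keep the folder from showing its contents.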

What’s a .htaccess file?

For sites hosted on Apache servers, the .htaccess file contains instructions for handling requests, including security, redirection issues, page rewriting and how to handle certain errors.

Why would you want to prevent directory browsing?

We all tend to leave stuff lying around in folders which may not be linked to or publicly displayed on our sites – items might be half-finished pages, zip files not for general distribution, etc. Preventing directory browsing lessens the chances of Joe Public stumbling on and viewing or downloading a file you don’t particularly want them to see :)
