Directory listing in htaccess. Allow, Deny, Disable, Enable Directory Listing in .htaccess

When a web browser is pointed to a directory on your web site which does not have an index.html file (or any other index file) in it, the files in that directory can be listed on a web page. Let us see few snippets that can be added in htaccess file to allow or avoid directory listing in apache server.

Enable / Disable directory Listing

To allow a web server to produce a directory listing, whenever you point a directory without index file. Add following line in your .htaccess file.
Options +Indexes # or # IndexIgnore *
Code language: HTML, XML (xml)
allow-directory-listing-htaccess To disable or prevent the directory access add following line in your .htaccess file. If user points the browsers to a directory which does not have index file then in this case 403 error will be
Options -Indexes
Code language: HTML, XML (xml)
Following is the error page that gets displayed when we try to access any directory without index file. 403-directory-listing-error-htaccess

Change Listing style

You may want to display other details while showing the directory listing. This includes file icons, file size, modification date and more. This can be done by adding fancy style to your htaccess file. Add following snippet in .htaccess file.
IndexOptions +FancyIndexing
Code language: HTML, XML (xml)
fancy-directory-listing-htaccess To remove the fancy directory listing or to display normal directory listing, use -FancyIndex.
IndexOptions -FancyIndexing
Code language: HTML, XML (xml)

Ignore files with specific extension

It may happen that you may need to ignore certain files to get displayed in directory listing. This can be achieved using IndexIgnore directive in .htaccess file. Following snippet will not display .zip and .txt file in directory listing.
IndexIgnore *.zip *.txt
Code language: HTML, XML (xml)

Modify Index File

It is possible to change the default index file from index.html (index.php, index.jsp …) to any other file. Following line will change the index file to Home.html.
DirectoryIndex Home.html
Code language: HTML, XML (xml)
Get our Articles via Email. Enter your email address.

You may also like...

52 Comments

  1. this is really helpful details

  2. Is there a way to disable all browsing all directories except one?

    For example, after applying “Options -Indexes”, can I create a rule to list items inside the ‘/pdf’ folder?

    Thanks.

    • Hi Ricardo,
      There is a way to achieve this. If you want to disable directory listing in a folder and all its subfolders except one subfolder say /pdf. You have to create .htaccess file in root folder and the code to disable directory access: Options -Indexes. And then create another .htaccess file in the subfolder /pdf and add code to allow directory listing in it: Options +Indexes.

  3. Awesome! It worked perfectly!

    Thanks Viral!

  4. Trupti says:

    Thanks Viral, I was looking for a solution for what Ricardo asked, and yours worked perfectly. Thanks! :)

  5. Eli says:

    The IndexIgnore * line seems to cause the whole thing not to work. This line tells the server to ignore all files in the directory listing. When I took out that line, I was able to see the directory properly.

    Thanks!

  6. Dan says:

    Great! thanks!

  7. Sachin says:

    Nice mate.. :)

  8. Vas says:

    That’s very good information.
    But, is there a way to set these listing permissions per directory, instead of document root?

    Thanks..
    Vas

    • Vas says:

      OK, I see the answer above.. :)

  9. takprosto says:

    When I took out that line, I was able to see the directory properly.

  10. Visakh says:

    I have a problem in directory listing in http://3idiots.mobi/Downloads/ it doesn’t show a single file in the folder. I have updated .htaccess file and pasted Options +Indexes. then also it is showing blank page. What should i have to do.

  11. Thank You

  12. Got this to work where you deny public access but allows internal processes. Place this in the htaccess of the folder you want to restrict access to:

    order deny,allow
    deny from all

  13. Thank you very much mate!

  14. Randell says:

    hi mate,

    im using Clipbucket for a music site im building now clipbucket has like tons of Stuff in httacess file and the bulk of it’s stopping anyone from doing stuff they shouldn’t using scripts in url Ect exploits and it also blocks access to pages that clipbucket doesn’t use in it’s script this also means every folder i add on to the site Will not work, How would i block everything else or keep it the same i guess yet still allow access to Say /Forum or any extra folders i tack onto my domain, ? thanks in advance

  15. lee says:

    I added a new line ‘Options -Indexes’ in each .htaccess files,but the directories still display on browser. Can anybody give some more suggests? Thanks very much. [email protected] is my address.Hoping for that…

  16. Jamesd says:

    Cheers – took a while to track this down!

  17. Julien says:

    Hi guys

    I have the same problem with a folder of my website.
    I wrote the “Options -Indexes” in the root folder’s htaccess
    and “Options +Indexes” in the folder /download (where I want all files to be listed)

    The website works fine, but I get an error 500 while accessing to the /download folder

    I’m hosted by OVH, but I can’t read anything about that in their forums

    Thanks a lot !
    Have a nice day

  18. Paulo says:

    THANK YOU !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

  19. Carmen says:

    I have a problem, I need to protect some folder in my web through validation, i created an .htaccess and put it in this folder but this dissapear of my navigation tree , what is the the way that this folder appear again? but keeping the validation through user/passwd

  20. babu says:

    It’s really helpful for me, Thanks:)

  21. Hello everyone.

    I got directory browsing working on my website.

    I get a broken picture icon next the directories and files.

    Here is the link:

    http://www.newporttimesharesrus.com/websites/

    I put this code in the .htacces file

    Options +Indexes
    IndexOptions +FancyIndexing

    It does not do the job.

    Can anyone help.

    [email protected]

  22. Victor says:

    Thank you very much. This tutorial was very helpful.

    I was looking for the function that prevented access to directories of my website.

  23. Bumba says:

    nice

  24. Akarsh says:

    Hi,

    I have an issue.
    I need to prevent DIRECT access to all .swf files in “localhost/mysite/sitesong/” directory [http://localhost/mysite/sitesong/abc.swf] but it should be able to be accessed if localhost/mysite/song.php is linking it inside tag.

    For this, the following code is added in /sitesong/.htaccess file

    RewriteEngine on
    RewriteCond %{HTTP_REFERER} !^http://(www.)?localhost/mysite [NC]
    RewriteCond %{HTTP_REFERER} !^http://(www.)?localhost/mysite/.*$ [NC]
    RewriteRule .(swf)$ - [F]
    


    This code works for the Firefox and Chrome browser but in IE, though the .swf file is prevented from directly accessed but /song.php also is unable to access the swf files.

    Any help would be appreciated.

  25. Jan says:

    Thanks! Works like a charm! No more access to folders. (:

  26. Anand says:

    Thanks!! really helpful.

  27. Waldemar says:

    How to allow directory access for all by htaccess?

  28. jagadeesh says:

    thanks a lot really helpful to me

  29. Thank you! This was very useful.

  30. Arnaud says:

    Useful post thanks

  31. chris lee says:

    Thank a lot! This was really helpful.

    I am using a hosting service at bluehost and there

    AddHandler application/x-httpd-php .html .htm

    seems to work.

  32. SM. Kafi says:

    Thanks, its really a good job…….

  33. I was using Options -Indexes but i got 404 error….. i am also hiding the extension of the page ….

  34. jagadeesh says:

    very useful content. thank you…

  35. obaid says:

    why this htaccess not working under my svn path and using full path
    still displaying indexing even after placed htaccess in project1

    http://IP/var/www/html/svn/project1/

  36. Thanks bro, it really helped me well….

  37. PNR Status Check says:

    I want don’t to index robots.txt, sitemap.xml and some specific pages. Will you tell me, how can I do it through htaccess? Any suggestion will be appreciated; thanks in advance.

  38. Alexander says:

    How to Directory access for all htaccess?

  39. parvinder says:

    Hello Admin,

    I have a .bar website and I added ‘Options -Indexes’ in .htaccess file but still my all inner directory access by anyone. Can you please tell me what should I do for disable inner directory.

    Waiting for your reply!

  40. sanjay says:

    thank’s, It’s very use bale tutorial

  41. Gosamaango says:

    Pretty Nice but i was searching something better like i want a user may not access my site while he get it to be download through some tools like httrack or something else how can i stop user like that
    he downloads the whole design and everything

  42. Achin says:

    Thanks a lot, this helped a ton. With this i was able to forbid the directory browsing..

  43. Great Tutorial. Thanks for sharing

  44. Alireza says:

    It was realy useful, Thanks

  45. Generalboxel says:

    in the allow part some say it is not the website IP but the Localserver ip. what is the difference ?

  46. Homesazeh says:

    It was quite handy. need to make some changes in my code

  47. Alireza says:

    Hello all.
    I have been using any possible code to restrict access to my .php root files but non seem to work. if they do they limit to access completely

    Order Allow,Deny
    Deny from all
    Allow from xx.xx.xxx.xxx

    I have replaced X with my IP but not working

  48. Vikash kumar singh says:

    Very helpful post for me.

  49. Komala says:

    It works on me. Thanks for this great article

Leave a Reply

Your email address will not be published. Required fields are marked *