Directory listing in htaccess. Allow, Deny, Disable, Enable Directory Listing in .htaccess
- By Viral Patel on March 10, 2009
When a web browser is pointed to a directory on your web site which does not have an index.html file (or any other index file) in it, the files in that directory can be listed on a web page.
Let us see few snippets that can be added in htaccess file to allow or avoid directory listing in apache server.
Enable / Disable directory Listing
To allow a web server to produce a directory listing, whenever you point a directory without index file. Add following line in your .htaccess file.
Options +Indexes # or # IndexIgnore *
To disable or prevent the directory access add following line in your .htaccess file. If user points the browsers to a directory which does not have index file then in this case 403 error will be
Options -Indexes
Following is the error page that gets displayed when we try to access any directory without index file.
Change Listing style
You may want to display other details while showing the directory listing. This includes file icons, file size, modification date and more. This can be done by adding fancy style to your htaccess file. Add following snippet in .htaccess file.
IndexOptions +FancyIndexing
To remove the fancy directory listing or to display normal directory listing, use -FancyIndex.
IndexOptions -FancyIndexing
Ignore files with specific extension
It may happen that you may need to ignore certain files to get displayed in directory listing. This can be achieved using IndexIgnore directive in .htaccess file.
Following snippet will not display .zip and .txt file in directory listing.
IndexIgnore *.zip *.txt
Modify Index File
It is possible to change the default index file from index.html (index.php, index.jsp …) to any other file. Following line will change the index file to Home.html.
DirectoryIndex Home.html
Get our Articles via Email. Enter your email address.
this is really helpful details
Is there a way to disable all browsing all directories except one?
For example, after applying “Options -Indexes”, can I create a rule to list items inside the ‘/pdf’ folder?
Thanks.
Hi Ricardo,
There is a way to achieve this. If you want to disable directory listing in a folder and all its subfolders except one subfolder say /pdf. You have to create .htaccess file in root folder and the code to disable directory access:
Options -Indexes. And then create another .htaccess file in the subfolder /pdf and add code to allow directory listing in it:Options +Indexes.Awesome! It worked perfectly!
Thanks Viral!
Thanks Viral, I was looking for a solution for what Ricardo asked, and yours worked perfectly. Thanks!
The IndexIgnore * line seems to cause the whole thing not to work. This line tells the server to ignore all files in the directory listing. When I took out that line, I was able to see the directory properly.
Thanks!
Great! thanks!
Nice mate..
That’s very good information.
But, is there a way to set these listing permissions per directory, instead of document root?
Thanks..
Vas
OK, I see the answer above..
When I took out that line, I was able to see the directory properly.
I have a problem in directory listing in http://3idiots.mobi/Downloads/ it doesn’t show a single file in the folder. I have updated .htaccess file and pasted Options +Indexes. then also it is showing blank page. What should i have to do.
Thank You
Got this to work where you deny public access but allows internal processes. Place this in the htaccess of the folder you want to restrict access to:
order deny,allow
deny from all
Thank you very much mate!
hi mate,
im using Clipbucket for a music site im building now clipbucket has like tons of Stuff in httacess file and the bulk of it’s stopping anyone from doing stuff they shouldn’t using scripts in url Ect exploits and it also blocks access to pages that clipbucket doesn’t use in it’s script this also means every folder i add on to the site Will not work, How would i block everything else or keep it the same i guess yet still allow access to Say /Forum or any extra folders i tack onto my domain, ? thanks in advance
I added a new line ‘Options -Indexes’ in each .htaccess files,but the directories still display on browser. Can anybody give some more suggests? Thanks very much. kai0105@yeah.net is my address.Hoping for that…
Cheers – took a while to track this down!
Hi guys
I have the same problem with a folder of my website.
I wrote the “Options -Indexes” in the root folder’s htaccess
and “Options +Indexes” in the folder /download (where I want all files to be listed)
The website works fine, but I get an error 500 while accessing to the /download folder
I’m hosted by OVH, but I can’t read anything about that in their forums
Thanks a lot !
Have a nice day
THANK YOU !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
I have a problem, I need to protect some folder in my web through validation, i created an .htaccess and put it in this folder but this dissapear of my navigation tree , what is the the way that this folder appear again? but keeping the validation through user/passwd
It’s really helpful for me, Thanks:)
Hello everyone.
I got directory browsing working on my website.
I get a broken picture icon next the directories and files.
Here is the link:
http://www.newporttimesharesrus.com/websites/
I put this code in the .htacces file
Options +Indexes
IndexOptions +FancyIndexing
It does not do the job.
Can anyone help.
jorge@locopro.com
Thank you very much. This tutorial was very helpful.
I was looking for the function that prevented access to directories of my website.
nice
fine
Hi,
I have an issue.
I need to prevent DIRECT access to all .swf files in “localhost/mysite/sitesong/” directory [http://localhost/mysite/sitesong/abc.swf] but it should be able to be accessed if localhost/mysite/song.php is linking it inside tag.
For this, the following code is added in /sitesong/.htaccess file
RewriteEngine on RewriteCond %{HTTP_REFERER} !^http://(www.)?localhost/mysite [NC] RewriteCond %{HTTP_REFERER} !^http://(www.)?localhost/mysite/.*$ [NC] RewriteRule .(swf)$ - [F]This code works for the Firefox and Chrome browser but in IE, though the .swf file is prevented from directly accessed but /song.php also is unable to access the swf files.
Any help would be appreciated.