Hypertext Access or .htaccess file is an extremely powerful tool to modify the Apache configuration file.

By default, someone visiting your website can easily see directory listing & get to know the details of files on the web server. And, even attackers get to know the directory structure.

In order to prevent this, it’s a best practice to deny directory listing via .htaccess. This helps in avoiding attacks.

At Bobcares, we often get requests from our customers to set up “htaccess deny directory listing” as part of our Server Management Services.

Today, we’ll see how our Support Engineers configure “htaccess deny directory listing” & fix the common errors.

 

How to deny directory listing in .htaccess?

Preventing directory listings can be very useful from viewing to unauthorized people.

Let’s see how we deny access to the directory listing by doing the following steps.

1. First, we navigate to the site’s root directory.

cd /var/www/html/example.com/public_htmlCopy Code

2. Then, we create a .htaccess file.

vi .htaccessCopy Code

3. Next, we enter the following code to deny the directory listing.

Options -IndexesCopy Code

4. Finally, we save the file & restart the services.

service httpd restartCopy Code

Now if you navigate to your site, you will see a Forbidden message like this.

 

Troubleshooting the common errors with .htaccess deny directory listing

From our experience in managing servers, we often see errors reported by customers after disabling directory listing via .htaccess.

Let’s see how our Support Engineers figured it out.

 

1. Incorrect code in .htaccess file

Recently, one of our customers approached us with trouble in the .htaccess file. He prevented the listing of ‘.zip’ files by editing the code in the .htaccess file. But, denying of zip files didn’t work properly as expected.

This mainly happens due to the wrong code entered in the .htaccess file resulted in a failure to function properly.

So our Support Engineers performed the following steps to solve the problem.

1. First, we navigated to the site’s document root from the backend.

cd /var/www/html/domain.com/public_htmlCopy Code

2. Then, we listed the files & looked for .htaccess file.

ls -alCopy Code

3. Next, we opened the .htaccess file using the vi editor.

vi .htaccessCopy Code

4. By analyzing, we found the code was incorrect.

5. We corrected the code as:

IndexIgnore *.zipCopy Code

6. Finally, we saved the file.

If you want to prevent specific files in the directory listing, then we can use

IndexIgnore *.extCopy Code

(ext-extension of the file).

The above line tells the Server to list all files except those that end with the extension.

That fixed the problem & the user could list all files except ‘zip’ files without any failure.

 

2. Permission issue

Similarly, another customer had an issue with the .htaccess file. Even after he had set the rules in .htaccess file correctly, it failed to deny directory listing of files.

To get around this, we perform the following steps.

1. First, we changed to the website’s document root.

cd /var/www/html/mysite.com/public_htmlCopy Code

2. Then, we listed the files by running the command:

ls -alCopy Code

3. By analyzing, we found that .htaccess file ownership & permission was incorrect.

4. Next, we corrected them by running the command:

chown -R www-data:www-data /var/www
chmod -R 775 /var/wwwCopy Code

5. Finally, we restarted the services to reflect the changes made.

service httpd restartCopy Code

This is how our Support Engineers fixed the problem.

 

[Having trouble with htaccess deny directory listing? We’ll fix it for you.]

 

 

Conclusion

To be more precise, to secure the listing of the folder’s content on the server, .htaccess deny directory listing is good practice. Today, we saw how our Support Engineers configured “htaccess deny directory listing” & fixed the common errors.