Apache Web Server Prevent Directory / Folder Listing

Q. If there is no index.html or index.php, Apache displays all other files in a Directory. How do I force Apache web server not to display my directory / folder list?

A.This controlled by a module called mod_autoindex or mod_dir.

You can completely remove (or replace) automatic index generation as per your requirements. The IndexIgnore directive adds to the list of files to hide when listing a directory. File is a shell-style wildcard expression or full filename. Multiple IndexIgnore directives add to the list, rather than the replacing the list of ignored files. By default, the list contains . (the current directory). Open your httpd.conf or .htaccess file and append following directive to block auto indexing for all pdf and mp3 files:
IndexIgnore *.pdf *.mp3
To enforce or deny complete folder listing, use *:
IndexIgnore *
Save and close the file. Restart httpd if httpd.conf was updated:
# service httpd restart

Further readings:

=> Apache mod_autoindex help pages.

🐧 Get the latest tutorials on Linux, Open Source & DevOps via RSS feed or Weekly email newsletter.

🐧 14 comments so far... add one

CategoryList of Unix and Linux commands
Disk space analyzersdf ncdu pydf
File Managementcat cp mkdir tree
FirewallAlpine Awall CentOS 8 OpenSUSE RHEL 8 Ubuntu 16.04 Ubuntu 18.04 Ubuntu 20.04
Network UtilitiesNetHogs dig host ip nmap
OpenVPNCentOS 7 CentOS 8 Debian 10 Debian 8/9 Ubuntu 18.04 Ubuntu 20.04
Package Managerapk apt
Processes Managementbg chroot cron disown fg jobs killall kill pidof pstree pwdx time
Searchinggrep whereis which
User Informationgroups id lastcomm last lid/libuser-lid logname members users whoami who w
WireGuard VPNAlpine CentOS 8 Debian 10 Firewall Ubuntu 20.04
14 comments… add one
  • Scott Oertel Dec 7, 2007 @ 13:34

    also placing “Options -Indexes” in an htaccess file or in a directory directive in the httpd.conf would disable directory browsing/listings

  • S. Fanara Apr 22, 2008 @ 14:45

    Thank you for this article. I was looking for a “confirmation” about the wildcard character “*” to make sure it could be used with the directive “IndexIgnore” in order to prevent listing of files and folders on all Apache server directories. The apache mod_autoindex help page did not make any mention of it specifically, instead gives a rather generic example were wildcards are used in conjunction to file extension (like in: *.bak)… and although that is a clear hint to more tech savvy people, others may like to have it “spelled out” to be sure they will not run into problems.

    At first I thought about using “*.*”, but most likely that wouldn’t have worked on folders… so I thought that it must have been possible to just use “*” to mean “everything” (any folder and any file).

    Thanks again for spelling it out ;)

  • Simi May 9, 2008 @ 7:34

    I have changed th IndexIgnore * in my httpd file but still am able to see the files in the directory. Is there any other directives needs to get changed to disable the directory browsing.

  • toan Aug 30, 2008 @ 4:49

    I have changed th IndexIgnore * in my httpd file but still am able to see the files in the directory. Is there any other directives needs to get changed to disable the directory browsing.

  • toan Aug 30, 2008 @ 4:50

    I have changed th IndexIgnore * in my httpd file but still am able to see the files in the directory. Is there any other directives needs to get changed to disable the directory browsing.

    me too. any I dieal for this?

  • SinhNT Dec 9, 2008 @ 9:59

    Yes. You can modify the config file (httpd.conf) of the Apache server as follows:
    1. Options None
    2. AllowOverride All
    3. Restart the Apache server to take effect.

    If you can not access to the Apache’s config file. You should contact to the host’s admin to modify this file so that the line “IndexIgnore *” in your .htaccess file takes effect.

    Good luck.

  • Snipervzln Apr 24, 2009 @ 21:50

    I prefer Scott’s solution; use it on your .htaccess inside the folder you want to hide. It’s better (and customizable) a 505 forbidden page than a empty folder list. Thanks for the post.

  • Vinicius Brasil May 16, 2009 @ 1:35

    I want to configure the folder to display the files for download, but want to customize the page that is returned by the webserver. Anyway of doing that without creating a separate page.

  • Balakrishnan Jul 23, 2009 @ 7:18

    How do i enable files and folder listing for a particular folder?

  • selim Sep 20, 2009 @ 11:08

    I prefer Scott’s solution – thanks scotty :)

  • Sebastian Jan 15, 2010 @ 21:49


    Can anyone tell me how to remove items from the IndexIgnore list? New commands in a subdirectory only add to the list, but I need some files to be displayed which would be hidden some levels above. I didn’t finde anything in the official documentation, but I hope I have only overlooked something…

    Is there a way to acchieve this?


  • Mike May 1, 2011 @ 6:27

    The main problem I have had is that this problem occurred on my hosting suppliers server. I can not alter their system.
    My problem was that my site starts with index.php.
    If a user entered the root URL as an address without a file name
    ( http://www.someaddress/ );-
    In MS IE, index.php is run.
    In Firefox, a list of all Files and Folders is displayed.

    I cured the problem by creating a file called default.html with a javascript redirect to index.php.
    This has solved the problem in all browsers that I have tested.
    The full code for default.html is below.

    function move()
    window.location = ‘index.php’;

    I Hope this helps some one

  • Tom Geld Oct 5, 2011 @ 9:28

    Hey Team,
    thanks for the help. I was trying lots of opportunities, for whatever reason I did not find any source which explained my problem and its solution so clear.
    Go on with your work,

  • bava Feb 18, 2014 @ 9:39

    i want to know how to create a new folder inside apache tomcat in web-app folder.
    when i entered in web-app and i try to create a newfolder but it will shows an error message.the error message is “Acess Denied”unable to create a folder…
    will you give me the easiest way to include a new folder in apache software inside web-apps folder

Leave a Reply

Your email address will not be published.

Use HTML <pre>...</pre> for code samples. Still have questions? Post it on our forum