Recent Articles

Disabling directory browsing in apache »

Linux Security: Disabling directory browsing in the apache config

An important task, or “must-do” when you are setting up a secure apache web server is to disable directory browsing.

Usually apache has this feature enabled, however it’s important to disable this unless it is definitely required.


1. Find the location of the main apache config file httpd.conf

Typically this file will be located in a path like: /etc/apache/httpd.conf.

2. Edit this file using a text editor.

You will need root access to your Linux/Unix system in order to do this edit task.

Using your text editor, (eg gedit, vim or nano),  open httpd.conf and find the line that contains the following:

Options Includes Indexes FollowSymLinks MultiViews

then remove the word Indexes, then save the file.

The line should now appear like this:

Options Includes FollowSymLinks MultiViews


3. Restart the Apache web server.

Use the following command:

apache restart 

(e.g. /etc/init.d/apache restart),

or,      service httpd restart