
Prevent Directory Indexing with .htaccess

You may want search engines to index your website, but you usually want to protect certain files from view. Security by obscurity is not the only method you should use to protect your website, but it is a method that can add some protection. You can use this method to prevent directory indexing with an .htaccess file.

If your web directories are completely discoverable, you may be at risk of various security exploits and theft of data. If you have files you wish to protect, you should consider preventing directory indexing. If you browse to an unprotected directory that does not contain an index file, you may see something like this in your browser window:

[Image: Indexable directory]

In some cases this is the effect you desire. But in most cases you do not want to enable this type of access to your data. You can easily prevent directory indexing with the use of an .htaccess file.

You can create an .htaccess file using any text editor.

To create your first .htaccess file, open a blank document in Notepad, type .htaccess in the File Name field and change the Save as type dropdown to All files:

[Image: Create .htaccess file]

To prevent directory indexing, add the Options All -Indexes directive to the top of your .htaccess file:

    Options All -Indexes

Save your .htaccess file and upload it to your website root directory or the directory you wish to protect from indexing. Depending on your server configuration, your .htaccess file should cascade down to all other directories in your website. Using your web browser, browse to the directory where you stored your .htaccess file. The result will now look something like this:


Indexing of your directory contents is now forbidden.
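
To confirm the result above across several directories, including subdirectories the .htaccess file is expected to cascade to, this added example (not part of the original article) requests each directory and reports whether the server still returns an auto-generated listing. The site URL and directory names are placeholders, the sample responses are constructed, and the detection assumes Apache's default "Index of /" listing page.

```python
import re
import urllib.error
import urllib.request

# mod_autoindex pages carry "Index of /<path>" in both <title> and <h1>.
_TITLE = re.compile(r"<title>\s*Index of /", re.IGNORECASE)
_H1 = re.compile(r"<h1>\s*Index of /", re.IGNORECASE)

# Constructed sample responses (not captured from a real server).
SAMPLE_LISTING = (
    "<html><head><title>Index of /images</title></head>"
    "<body><h1>Index of /images</h1><a href=\"/\">Parent Directory</a></body></html>"
)
SAMPLE_FORBIDDEN = (
    "<html><head><title>403 Forbidden</title></head>"
    "<body><h1>Forbidden</h1></body></html>"
)


def classify(status, body):
    """Classify a directory response as 'listing', 'forbidden' or 'other'."""
    if status == 200 and _TITLE.search(body) and _H1.search(body):
        return "listing"
    if status == 403:
        return "forbidden"
    return "other"  # index file served, 404, or something else to review by hand


def fetch(url, timeout=10):
    """Return (status, body) for a URL; 4xx/5xx answers are returned, not raised."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, resp.read(65536).decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, err.read(65536).decode("utf-8", "replace")


def audit(base_url, directories, fetcher=fetch):
    """Check each directory under base_url; return {path: classification}."""
    results = {}
    for path in directories:
        url = base_url.rstrip("/") + "/" + path.strip("/") + "/"
        results[path] = classify(*fetcher(url))
    return results


if __name__ == "__main__":
    # Hypothetical site and paths; replace with directories on your own server.
    for path, verdict in audit("https://www.example.com", ["images", "images/thumbs"]).items():
        print(f"{verdict:10} {path}")
```

Any directory reported as "listing" is not covered by the .htaccess file; "other" usually means an index file was served and is worth a manual look.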

While there are specific instances when you may want to allow indexing of a specific directory, Country IP Blocks strongly recommends preventing indexing in all other cases.