Disable Directory Listing on Apache Ubuntu 22.04

Abhijeet Pratap

May 13, 2024

Page content

How to disable directory listing in Apache server

The Apache server is the most popular web server powering a large part of the websites on the internet. It is popular because of its modular structure. The s server offers several modules that can be used to add or remove functionalities from the server. Modules like expires, headers, rewrite etc can be used to improve speed, and security as well as apply redirects. Apache also includes an autoindex module that id enabled by default. The autoindex module generates directory indexes.

Actually, there are two modules that control the index of a directory. One is mod_dir and the other is mod_autoindex. The main two sources from which the index of a directory comes are as follows:

A file located in that directory, typically called index.html. The DirectoryIndex directive sets the name of the file or files to be used, and which is controlled by mod_dir.

Otherwise, the web server can generate a listing. The other directives control the format of this listing. The AddIcon, AddIconByEncoding and AddIconByType are used to set a list of icons to display for various file types; for each file listed, the first icon listed that matches the file is displayed. Mod_autoindex controls all these things.

While autoindex or directory listing can be useful in some cases, generally it is not useful and it is recommended to disable directory listing. All the data on your website or server should not be visible to everyone. You do not want everyone accessing all the website files on your server. Several of them would become open for indexing by the Google search engine as well if they are left open. So, it is it better to disable directory listing since apart from giving rise to indexation related concerns, it will give rise to security issues also.

To disable directory listing, we can just disable the mod_autoindex. You will need ssh access to yoru server to disable mod_autoindex.

How to disable mod_autoindex from the server (Ubuntu 22.04)

To disable mod_autoindex,, you need to ssh to your server and then run the following command:

sudo a2dismod --force autoindex

We use the –force flag since autoindex is one of the essential modules and you do not want to be confused by the warnings. The above command will disable mod_autoindex. Now, you can restart the apache server to apply the changes.

sudo systemctl reload apache2

That’s all, You have safely disabled the mod_autoindex and now your server will not generate an index of directories which will not be visible to the public or search engines anymore. While search engines may still be able to access some directories, it will include only the one you have allowed access to. To disallow access to any particular directory, you must use the disallow directive in robots.txt.

Disable autoindex for a single website

In some cases, you would not want to disable autoindex server wide. In that case, you can disable it on only concerned sites by editing their vhosts file. You will need to change the configuration file for the concerned website and you can make changes inside individual configuration files or the main apache configuration file.

Add the following to the configuration or vhosts file:

<Directory /var/www/html>
    Options -Indexes FollowSymLinks
</Directory>

Replace /var/www/html/ with the root folder of your website. If you are hosting more than one website on the same server, you must make changes to the individual vhosts files. You will open the vhosts files located inside the sites-available directory with the following command:

sudo nano /etc/apache2/sites-available/*

The individual vhosts files are located inside the sites-available directory. For example:

/etc/apache2/sites-available/example.com.conf

Close and save the file after making the changes and reload apache server to apply the changes.

sudo systemctl reload apache2

Edit .htaccess file

You can also disable directory indexes by editing the .htaccess file. .htaccess file is an important file and before making changes, you should make a copy of the file so that you can restore it if anything goes wrong.

sudo cp /var/www/html/.htaccess /var/www/html/.htaccessbak

Open the .htaccess file located inside the root folder:

sudo nano /var/www/html/.htaccess

Add the following at the top of this file:

Options -Indexes

Close and save the file. Now, if you try, you will find that the server has stopped generating indexes of directories.

You can use any of the above three methods to disable directory listing on apache server.