Disable Directory Listing
After installing Apache2, its configuration settings is set to list all directories automatically. This can be bad. The mod_autoindex module automatically generates a listing of all directory content.
If a web client request a resource that’s not available in the directory, all the content in the directory will be listed instead.
Apache2 main global configuration file is highlighted below.
/etc/apache2/apache2.conf
And the section of the settings that deals with listing directory in Apahce2 default root directory is this:
/var/www/
To disable directory listing, edit the setting to be this:
> Options FollowSymLinks AllowOverride None Require all granted/var/www/
Save the file and restart Apache2 to load the new configuration settings.
If you want to save time, just run the commands below to make the same change above. This one line commands will edit the configuration file and remove the word Indexes from the Options line.
sudo sed -i "s/Options Indexes FollowSymLinks/Options FollowSymLinks/" /etc/apache2/apache2.conf
Save the file and restart Apache2 and you’re done.
In Apache Virtual Host:
In .htaccess file:
While using the .htaccess, make sure that Apache server is enabled to use .htaccess files for that directory. In most cases, .htaccess is disabled by default.
Finally, restart the Apache service after making any changes in Virtual host to apply changes.