What is Directory Browsing or Listing?
This feature allows users to view the contents of a directory on a web server through a web browser.
When a web server is configured to allow directory browsing, it means that if a user enters the URL of a directory (e.g., http://example.com/directory/), the server will generate a web page displaying the list of files and subdirectories contained within that directory.
In control panels like cPanel and DirectAdmin this feature is enabled by default, so if you don't use it you should consider disabling it manually.
Why Should We Disable Directory Listing?
Directory listing can expose the internal file system paths of your server. This information can be used by attackers to better understand your server’s structure and potentially identify other vulnerabilities to exploit.
Once attackers know what is inside your hosting account, they may attack you with various methods, such as:
- Brute Force
- Exposing Vulnerable Scripts
- Phishing and Malware
- And many others
Disable Directory Browsing/Listing using .htaccess
This method will work for almost all control panels based on Apache, LiteSpeed, OpenLiteSpeed, etc. Even if you are using a simple LAMP or LOMP stack, this method will work for you without any issue by changing simple rules.
- Log in to your control panel (or server, for LAMP users)
- Locate the public_html directory
- Unhide the .htaccess file by clicking Settings > Show Hidden Files (FTP not required)
- Create or edit the .htaccess file
- Add this line at the top
- Save the changes and close the file
You have successfully disabled directory browsing for your website. To confirm, try to access any directory in your browser; the server should forbid the request.
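For LAMP users with shell access, the steps above can be scripted. This is an added example, not part of the original article: it assumes the line to add is the standard Apache directive `Options -Indexes` and that the server honours .htaccess with the Options override allowed; the function names are illustrative.

```shell
#!/bin/sh
# Added example: put "Options -Indexes" at the top of a site's .htaccess.
# Assumption: Apache-compatible server that reads .htaccess and permits
# the Options override (AllowOverride Options or All) for this directory.

DIRECTIVE='Options -Indexes'

# disable_listing DOCROOT
# Creates DOCROOT/.htaccess if it is missing, otherwise prepends the
# directive. Idempotent: an active "-Indexes" line means nothing is changed.
disable_listing() {
    dl_root=$1
    dl_ht="$dl_root/.htaccess"
    [ -d "$dl_root" ] || { echo "no such directory: $dl_root" >&2; return 1; }

    if [ -f "$dl_ht" ] &&
       grep -Eq '^[[:space:]]*Options[[:space:]].*-Indexes' "$dl_ht"; then
        return 0
    fi

    if [ -f "$dl_ht" ]; then
        # Keep the previous rules. The backup name starts with ".ht",
        # which the stock Apache configuration refuses to serve.
        cp -p "$dl_ht" "$dl_ht.bak" || return 1
        { printf '%s\n' "$DIRECTIVE"; cat "$dl_ht.bak"; } > "$dl_ht"
    else
        printf '%s\n' "$DIRECTIVE" > "$dl_ht"
    fi
}

# listing_conflicts DOCROOT
# Prints (with line numbers) any line in .htaccess that switches listings
# on, such as "Options +Indexes" or "Options FollowSymLinks Indexes".
# These lines need review, because adding the directive at the top does
# not remove them.
listing_conflicts() {
    grep -En '^[[:space:]]*Options[[:space:]]([^#]*[[:space:]])?\+?Indexes' \
        "$1/.htaccess"
}
```

After running `disable_listing /path/to/public_html`, a request such as `curl -s -o /dev/null -w '%{http_code}\n' http://example.com/directory/` should print 403 for a directory that has no index file.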