Hypertext Access or .htaccess file is an extremely powerful tool to modify the Apache configuration file.
By default, someone visiting your website can easily see directory listing & get to know the details of files on the web server. And, even attackers get to know the directory structure.
In order to prevent this, it’s a best practice to deny directory listing via .htaccess. This helps in avoiding attacks.
At Bobcares, we often get requests from our customers to set up “htaccess deny directory listing” as part of our Server Management Services.
Today, we’ll see how our Support Engineers configure “htaccess deny directory listing” & fix the common errors.
How to deny directory listing in .htaccess?
Preventing directory listings can be very useful from viewing to unauthorized people.
Let’s see how we deny access to the directory listing by doing the following steps.
1. First, we navigate to the site’s root directory.
2. Then, we create a .htaccess file.
3. Next, we enter the following code to deny the directory listing.
4. Finally, we save the file & restart the services.
service httpd restart
Now if you navigate to your site, you will see a Forbidden message like this.
Troubleshooting the common errors with .htaccess deny directory listing
From our experience in managing servers, we often see errors reported by customers after disabling directory listing via .htaccess.
Let’s see how our Support Engineers figured it out.
1. Incorrect code in .htaccess file
Recently, one of our customers approached us with trouble in the .htaccess file. He prevented the listing of ‘.zip’ files by editing the code in the .htaccess file. But, denying of zip files didn’t work properly as expected.
This mainly happens due to the wrong code entered in the .htaccess file resulted in a failure to function properly.
So our Support Engineers performed the following steps to solve the problem.
1. First, we navigated to the site’s document root from the backend.
2. Then, we listed the files & looked for .htaccess file.
3. Next, we opened the .htaccess file using the vi editor.
4. By analyzing, we found the code was incorrect.
5. We corrected the code as:
6. Finally, we saved the file.
If you want to prevent specific files in the directory listing, then we can use
IndexIgnore *.ext(ext-extension of the file).
The above line tells the Server to list all files except those that end with the extension.
That fixed the problem & the user could list all files except ‘zip’ files without any failure.
2. Permission issue
Similarly, another customer had an issue with the .htaccess file. Even after he had set the rules in .htaccess file correctly, it failed to deny directory listing of files.
To get around this, we perform the following steps.
1. First, we changed to the website’s document root.
2. Then, we listed the files by running the command:
3. By analyzing, we found that .htaccess file ownership & permission was incorrect.
4. Next, we corrected them by running the command:
chown -R www-data:www-data /var/www chmod -R 775 /var/www
5. Finally, we restarted the services to reflect the changes made.
service httpd restart
This is how our Support Engineers fixed the problem.
[Having trouble with htaccess deny directory listing? We’ll fix it for you.]
To be more precise, to secure the listing of the folder’s content on the server, .htaccess deny directory listing is good practice. Today, we saw how our Support Engineers configured “htaccess deny directory listing” & fixed the common errors.