How to Hide Files from Apache Directory Listings

Apache HTTP Server comes with a useful feature for file viewing called “directory listing” or “directory browsing”. With this feature enabled, users who visit a directory without an index file will see a list of the files in that directory, as well as information about them. This is useful for HTTP download mirrors and similar sites because it allows the website owner to list large numbers of files without having to create pages to list them.

In some situations, directory listing may not be ideal at all, and you can globally block indexing in the Apache configuration file or locally in an htaccess file. A web server that allows indexing will have a directive that looks like this:

Options +Indexes

To disable indexing, simply remove “+Indexes”.

In other situations, you may want to make use of directory listings, but you may want to hide certain files. You can do that with the IndexIgnore directive. Like other directives, you can apply this one globally in the Apache configuration file or locally in a website’s .htaccess file. The format is as follows:

IndexIgnore filename

For example, if you want to prevent users from seeing files called readme.txt, you would enter:

IndexIgnore readme.txt

You can also enter partial matches with the “*” character:

IndexIgnore *.php

IndexIgnore is part of Apache’s mod_autoindex module. For more information about Apache’s IndexIgnore directive, consult the Apache web server documentation.