How to disable or Enable Directory Listing in Apache with examples

Apache Directory Listing

Apache’s directory listing feature displays the contents of a directory in a table format, making it easy for users to browse the directory’s contents. However, enabling directory listing can also pose security risks, as it exposes files and directories to unauthorized access.

Disabling Directory Listing

To disable directory listing in Apache, you can add the following directive to your Apache configuration file (usually httpd.conf):

Options -Indexes

This directive instructs Apache to suppress directory listings and instead display a standard 403 Forbidden error page.

Enabling Directory Listing

To enable directory listing in Apache, you can remove the Options -Indexes directive or replace it with the following directive:

Options Indexes

This directive instructs Apache to display directory listings by default.

Example Configuration

Here’s an example of how to disable directory listing for the /docs directory:

<Directory /docs>
    Options -Indexes

Using .htaccess

You can also use a .htaccess file to disable or enable directory listing for a specific directory. For example, to disable directory listing for the /docs directory, add the following line to a .htaccess file in the /docs directory:

Options -Indexes

Restarting Apache

After making any changes to your Apache configuration, you will need to restart the Apache service for the changes to take effect. You can do this using the following command:

sudo systemctl restart httpd.service

In case you are on Ubuntu, edit the file /etc/apache2/apache2.conf (here we have an example of /var/www):

<Directory /var/www/>
        Options Indexes FollowSymLinks
        AllowOverride None
        Require all granted

and change it to;

<Directory /var/www/>
        Options Indexes FollowSymLinks
        AllowOverride All
        Require all granted


sudo service apache2 restart

Security Considerations

Disabling directory listing can help to improve your website’s security by making it more difficult for unauthorized users to browse the contents of your directories. However, it is important to note that disabling directory listing does not completely eliminate the risk of directory traversal attacks. If a malicious user is determined, they may still be able to access sensitive files or directories.

For additional security, you can consider using a web application firewall (WAF) to filter out malicious requests and block directory traversal attacks.


  • Imants Pumpurs

    Author is a Latvian writer, playwright and screenwriter. He is considered one of the most important Latvian writers of the 21st century. His work is known for its humor and its social satire.