CPanel setting to prevent directory listing of all files

 David

The webpages (or websites) are made up of several component, like:
* content/text (html/php files),
* image/picture files,
* video/flash files,
* CSS files,
* javascript files, and
* other files (Excel, zip, movie, etc)

Most websites have designated directories for storing thees files in a group. For example, CSS files are usually stored in "/css" directory, and javascript files are usuall stored in "/js" directory.

Similarly, image and picture files are usually stored in "/image" or "/img" directory.
Therefore, it's not uncommon to not have any webpages (html/php file) in the image/picture directory since this directory was created intended to only store images and pictures.

However, did you know that by default, Apache webserver displays the listing of all files in the directory if there's no "index" file found? (whether it's index.html or index.php, etc)

Although the websites probably won't have any link on the page that opens their image directory, it's possible for anyone to type to url like www.somewebsite.com/images or www.somesite.com/files and it would display a page like below:


This basically exposes all of the files (whether they are pictures, movies, or important documents) to be directly downloaded by the visitors, and this was probably not what was intended.

If your hosting has CPanel, then this can be easily prevented and blocked.

Go to the Apache configuration page under the Service Configuration group then click on the Global Configuration option.


Once you are in the Global Configuration page, scroll down to the "Directory / Options" section then make sure to uncheck the Indexes option checkbox. That's it!


This change will prompt you to rebuild the Apache configuration file and restart the Apache server. Once it's done, you should now see the below message if you try to access the "images" or "files" directory
Go Back to List Page

Leave a comment

Name : Comment : view emoticons
Please consider signing up for our website.
If you sign up and log in:
  •   You can avoid the "I'm not a robot" captcha when commenting
  •   You can also avoid typing your name every time
  •   You can upload a picture for each comment
  •   You can change or delete your comment within 1 hour
  •   You can track all the comments you posted on this site
  •   You can read blog posts that are only open to members
  •   You can look up blogs using the search feature
  •   More privileges for our friends & families coming...

OK, Sign me up!

Emoticons are a great way to visually express how you feel.
However, there are times when unintended content is converted to emoticon because the content happens to have one of the emoticon symbols. That's why it's always good idea to preview your comment before posting and when you see this type of problem, you can indicate NOT to auto convert.