How to disable directory listing and restrict files/directory in Apache

1. Disable directory listing in Apache Configuration

Open the apache configuration file /etc/httpd/conf/httpd.conf.

vim /etc/httpd/conf/httpd.conf

Find the content below in a file and modify the highlighted content.

        Options Indexes FollowSymLinks
        AllowOverride None
        Require all granted

When finished, it should look like this.


        Options -Indexes +FollowSymLinks
        AllowOverride None
        Require all granted

Restart the Apache service by using below command:

 systemctl restart httpd

2. Restrict Directory Access Apache

Add the below highlighted lines in your apache virtualhost to restrict any directory access.

<Directory "/var/www/test/restricted_directory">
order deny,allow
deny from all #it will block access for all
</Directory>

Restart the apache service by using below command.

systemctl restart httpd

Optional: If you want to allow only for particular ipaddress.

<Directory "/var/www/test/restricted_directory">
order deny,allow
deny from all #it will block access for all
Allow from your-ipaddress #it will allow for your ipaddress
</Directory>

3. Make configuration files inaccessible

Add the below line in your apache virtual host to make directory inaccessible or invisible.

RedirectMatch 404 (file_contain_important_data.html|composer.lock|composer.json|.htaccess)

Note: you can add multiple files in same command.
Restart the apache service after making changes in virtualhost always.

systemctl restart httpd

By using above tutorial we have stopped indexing in our website, restricted directory access and make configuration files inaccessible for public.

Please Drop Comment if you faced any issue at any point, I will try to help asap
100% LikesVS
0% Dislikes