How to disable directory views with a blank file or a single line of code

By default the directories (folders) of your website and other applications may be publicly viewable for all to browse. This is a potential security risk, but thankfully one that can be reduced very easily.

Here are two simple options to reduce this risk by preventing the directories from showing their content as browsable lists:

  • Option 1: index.html
  • Option 2: .htaccess

index.html

One way is to add a blank index.html file to each directory that you do not want prying eyes to browse the contents of.

Though this is a perfectly fine approach, one that’s adopted by many, but it does mean you need to put an index.html file in each and every directory to want to prevent from being browsable.

.htaccess

Another, much quicker way to, is to place a single line of code in the .htaccess file of website’s root directory. This approach assumes your server is using Apache, if you’re an nginx user, feel free to get in touch for more advice (and congrats on a good choice).

If you have access, open the .htaccess file at the root of the directories you want to target and enter this following line after any existing content:

Options -Indexes

If the directory doesn’t have a .htaccess file, then just create one (don’t forget the preceding . to the filename) and add the code.

Reply