Directory Index Apache

Why One Should Disable Directory Indexing

Prevent Information Leakage: Hides files that were not ment for direct public access, eg. image folders, log files.

Security Through Obscurity: Though it is not a complete security solution, by hiding directory structure makes it harder for hackers to find vulnerable files. e.g. .bak, .zip or configuration files to launch attacks.

Protect Sensitive Data: To prevent discovery of hidden scripts, configuration files, or API keys which may led to potential site compromises.

Professionalism and SEO: A blank or 403 Forbidden page looks more professional than a raw list of file names, and it prevents search engines from indexing and displaying those raw file lists in search results.

Compliance: Leaving directory indexing on is a failure point in PCI compliance scans, which are required for websites handling payments.


How to disable Directory Listings in apache 

‹Directory /path/to/your-site›
   Options -Indexes
‹⁄Directory›

For Further Reading 

https://httpd.apache.org/docs/current/mod/mod_dir.html