DEV Community

Sospeter Mong'are
Sospeter Mong'are

Posted on

How to Disable Directory Listing in cPanel Using `.htaccess` (Options -Indexes)

#cpanel #webdev #programming #beginners

If you’re running a website on cPanel shared hosting or any server powered by Apache, there’s a chance your visitors can view your directory structure if there’s no index.html or index.php file present. This is called directory listing, and it’s a serious security risk because hackers can see and download sensitive files.

Fortunately, you can disable directory listing easily using a single line in your .htaccess file:

Options -Indexes
Enter fullscreen mode Exit fullscreen mode

This simple trick locks down your folders and keeps your site secure.

What Is Directory Listing?

When directory listing is enabled, visiting a URL like example.com/uploads/ without an index file shows all files in that folder. Here’s an example:

Index of /uploads
-----------------
backup.zip
config.php
database.sql
Enter fullscreen mode Exit fullscreen mode

This exposes sensitive files and makes your site a target for attacks.

Why Disable Directory Listing?

  • Improves Security: Hides configuration files, backups, and other sensitive data.
  • Prevents Hacking: Hackers often scan for exposed directories to exploit.
  • Looks Professional: Instead of a raw directory view, visitors see a 403 Forbidden page.

How to Disable Directory Listing in cPanel

Follow these steps to secure your site:

  1. Log in to cPanel
    Access your hosting account and open the File Manager.

  2. Locate or Create the .htaccess File

  • Check your website’s root directory (public_html/).
  • If there’s no .htaccess file, click + File and name it .htaccess.
  1. Edit the .htaccess File Add this line: 
   Options -Indexes
Enter fullscreen mode Exit fullscreen mode

  1. Save Your Changes
    Once saved, your server will block directory browsing.

  2. Test Your Site
    Visit a directory without an index file. You should now see:

   403 Forbidden
Enter fullscreen mode Exit fullscreen mode

Complete .htaccess Example

Here’s a more robust .htaccess configuration:

# Disable directory listing
Options -Indexes

# Force HTTPS for security
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]

# Custom error page
ErrorDocument 403 /403.html
Enter fullscreen mode Exit fullscreen mode

Alternative: Disable Directory Listing in cPanel GUI

If you prefer not to edit .htaccess, cPanel also has a Directory Privacy or Indexes option:

  1. Go to Advanced → Indexes in cPanel.
  2. Select the folder you want to secure.
  3. Choose No Indexing.

Key Takeaways

  • Adding Options -Indexes to .htaccess is a quick and effective security measure.
  • It prevents anyone from seeing your site’s folder structure.
  • This method works best for Apache-based servers (common in shared hosting).

Top comments (0)