htaccess deny direct access to folder in website

by Monika Dadool 08-Apr-19

0 3021


Sometime, we do not want users to directly access our website folders for security purposes. As we all know that Apache permits the user to access everything listed on Document Root folder By default. In order to enhance more security, it is recommended to deny direct access to the folder.

Anybody can open your folder directly by writing folder name such as images, JS and CSS along with URL Link and steal all files from that folder.

i.e. If you enter image folder name with URL Link, it will display all the files inside that image folder.

Such as:

http://websitename.com/images_folder
or
http://websitename.com/css

Through the above example, anyone can display entire files on CSS or image folders.

How to prevent this?
This can be prevented by blocking direct access to folders.

Now the question is how we can block direct access to folders?
The exact answer is through .htaccess.

What is .htaccess?
.htaccess acts as a configuration file that permits configuration modifications on a per-directory basis.

Steps to deny direct access through .htaccess

1. Create. htaccess file on the website.
you just need to copy and paste the following simple code in your htaccess file.

Code
# directory browsing
Options All -Indexes

htaccess deny direct access to folder in website

2. Save it. This will never permit users to open files directly.

Example

htaccess deny direct access to folder in website

Share:


Comments

    Waiting for your comments

Leave a Reply