January 18, 2021



Apache – Disable directory browsing in Debian

Disable directory browsing

Disable directory browsingIf you have directory browsing enabled, which it is by default, your users can browse the directories on your web server. This is not particularly good regarding security. So we better disable directory browsing to be on the safe side.

On a Debian server we do that quite easily in the domain config at /etc/apache2/sites-available/
If you have setup more than one domain on your web server, you should go to your domains config file. Here is an example: ‹/etc/apache2/sites-available/example.com.conf
(if you use Apache prior to 2.4 you might not have the .conf extension)

Insert this line into the config file: Options -Indexes

If you only have one domain hosted on your server, you most likely uses the default domain config.
Edit this file: /etc/apache2/sites-available/default
Look for the line: Options Indexes FollowSymLinks MultiViews ExecCGI
And change to: Options -Indexes FollowSymLinks MultiViews ExecCGI

You can now restart or reload your apache server.
service apache2 restart

We have now done disable directory browsing.

Happy browsing!