How to disable access directory listing?

Hello, I am a newbie here.
In other cases my native language is not English, and mostly I use google translate.

What I’m Talking About

To the topic.
Another time, I saw some websites blocking users from accessing the sub folders.
For example:

sofa.my.id/assets/css/style.css ** or

index.html
assets > css > style.css

If I go to the ‘assets’ or ‘css’ folder using the manual url, it will redirect to the 403 page.
But I can still access the style.css file


Because I am curious and interested to try it. I looked for references and ended up in a directory listing topic. After reading several articles, it was explained that the directory listing can be modified with a file called .htaccess. Then i find out what is .htaccess and how to use it.

Sadly, i don’t understand and can only follow the guide without understanding how it works.

Issue Problems

After searching for a guide on this forum, someone say to add Option -Indexes to the .htaccess file, then I tried it. But it didn’t work, until now. And I haven’t deleted the script yet.

Not satisfied, I noticed that I can change folder permissions manually. So I did, by changing the code 755 to 403 in all folders.

In hopes can blocking the user from accessing the sub folders.
In fact – yes. But create new problems.

Many functions fail to read the directory. Such as images, icons, etc. Though I didn’t change any permissions on images, icons or similar, and only folder permissions were changed.

Other Information

After all that happened, I calmly returned the permissions code of all folders to normal (755). But still, there are some files that the directory cannot read. So, I rename the file and everything went back to normal. Then I wrote the problem in this forum.


As shown in the title, How to disable access directory listing ? And what must I do now ?
Please someone help ! Thank you :pray:t2:

Are you about to lock people out of accessing this file? If yes, it won’t be executed by browsers and it’ll crash your website design.,

No, I just want block people accessing all folders such as “assets” and “css”. Not the file.

You can just add blank index.php or index.html inside those folder.

If you choose index.php, you can also put this code inside it:

<?php
header('Location: /');
?>

If someone access it, it’ll redirect to your home site.

1 Like

The 755 is a file permission. The 403 is a HTTP status code. They are very different things. Do not try setting HTTP status codes as file permissions, the result may vary but will NOT do what you want them to. You may have broken your website with this, and should undo this change immediately.

It’s Options -Indexes. That first S is important. I added the character to your .htaccess file, and it seems to be working now.

3 Likes

Okay, thanks a lot admin, for explaining and fixing trivial errors that shouldn’t happen. :pray:t2:
But this time I want to describe the current condition which is fairly good, and want to ask one thing.


The Current Situation

To be honest the website already broken, there are some functions that are not functioning properly as I wrote earlier. Even after changing file permissions.

Good news, now I’ve fixed it by re-uploading the manual backup file. And everything is running normally.


Another Question

If there are no problems, can @Admin explain about this one?

I have read this article, but what I learned is that there are only 3 permission classes available (owner, group, other people), and permission types (4-2-1 or rwx) in each class etc. And I can not find a single sentence explaining the difference between 700+ and 400+ permissions.

So I still wonder, where is the difference?


Again, if you don’t mind, can you explain in more detail ? So that I can understand better. :pray:t2:

Command Meaning
chmod 400 file To protect a file against accidental overwriting.
chmod 500 directory To protect yourself from accidentally removing, renaming or moving files from this directory.
chmod 600 file A private file only changeable by the user who entered this command.
chmod 644 file A publicly readable file that can only be changed by the issuing user.
chmod 660 file Users belonging to your group can change this file, others don’t have any access to it at all.
chmod 700 file Protects a file against any access from other users, while the issuing user still has full access.
chmod 755 directory For files that should be readable and executable by others, but only changeable by the issuing user.
chmod 775 file Standard file sharing mode for a group.
chmod 777 file Everybody can do everything to this file.

it is much clearer if you use a calculator and use the desired checkboxes https://chmod-calculator.com/

3 Likes

It’s simple like this:

____________| Owner | Group | Other |
Read (4)    |
Write (2)   |
Execute (1) |
------------
Total       |

For example 755 on directory:

____________| Owner | Group | Other |
Read (4)    | v     | v     | v     |
Write (2)   | v     |
Execute (1) | v     | v     | v     |
------------
Total       | 7     | 5     | 5     |

For directory/folder, it’s mandatory to have Execute (1) permission for Apache service (in this hosting = Owner, in localhost usually Group or Other) so it (or files inside it) can be accessed by public.

For example you have assets folder & set its CHMOD to 403:

____________| Owner | Group | Other |
Read (4)    | v     |
Write (2)   |       |       | v     |
Execute (1) |       |       | v     |
------------
Total       | 4     | 0     | 3     |

Eventhough the folder has Execute (1) permission for Other, public still can’t access it by using its URL (e.g.: example.com/assets/) because Apache service can’t access it.

So it’s really different with HTTP status code, although their number is same (e.g.: 404 for error page, 403 for forbidden page, etc.).

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.