Enabling/Disabling Directory Indexes

What Are Directory Indexes

When a visitor accesses a URL that points to a directory (rather than a specific file), the web server looks for an index file such as index.html or index.php. If no index file is found, the server can either display a listing of all files in that directory or return a 403 Forbidden error. This behavior is controlled by the directory index setting.

Security Considerations

Enabling directory indexes can expose the contents of your directories to anyone on the internet. This can reveal:

Backup files that might contain sensitive information.
Configuration files, scripts, or other application internals.
Uploaded media and documents you may not want publicly browsable.

For security, it is strongly recommended to disable directory indexes on production websites. Only enable them on directories where you intentionally want to provide a file listing.

Disabling Directory Indexes via .htaccess

Add the following line to your .htaccess file in public_html:

Options -Indexes

This tells the server to return a 403 Forbidden error instead of listing directory contents when no index file exists.

Enabling Directory Indexes

If you specifically want to allow directory listing (for example, a downloads folder), add this to the .htaccess file in that specific directory:

Options +Indexes

Setting a Custom Index File

You can control which files the server treats as index files and their priority order:

DirectoryIndex index.php index.html index.htm default.html

The server will try each file in order and serve the first one it finds.

Using DirectAdmin

Log in to DirectAdmin.
Navigate to Advanced Features.
Look for Directory Indexing or Indexes.
Select the directory and toggle indexing on or off.
Click Save to apply the changes.

Changes to .htaccess take effect immediately. There is no need to restart the web server.