Stop People From Viewing Files In A Directory With .htaccess

If you have a website, then you will have directories and you might want to stop people from viewing files in a directory. You might want to do this for privacy reasons, or for security reasons. So, if you’re looking to stop people from viewing files in a directory with .htaccess, you’ve come to the right article.

By using the .htaccess method to stop people from viewing files in a directory, people will still be able to see linked files in the directory – they just won’t be able to browse the directory to find unknown files. It’s like the best of both worlds. They can see what you’ve shared, but (unless guessing URLs) can only see what you’ve shared and nothing else.

It’s a handy tool to use and basic security (and privacy) step to prevent snooping around your server – assuming .htaccess is an option. Of course, if you’re just spinning up a quick Python server, it’s not going to be of much help.

Anyhow, this will be a relatively short and easy article, and only applicable to a subset of the site’s visitors. I want to cover more server articles, so we might as well take this one from the previous site and migrate it to this one. 

Stop People From Viewing Files In A Directory:

Open the directory you want to keep private with your favorite FTP client – unless you’re doing this on a local computer. If that’s the case, you can just navigate to the directory.

Create a new file called .htaccess. The ‘.’ is important and mandatory, as it’s a hidden file. If the file already exists, now would be a good time to make a backup.

The permissions for .htaccess should be 644. Your FTP client will let you set permissions. Locally, you can chmod 644 .htaccess and that should work nicely.

Next, you’ll want to edit the .htaccess file with a plain-text editor to add the following line (if the file already exists, be sure to put this on its own line):

Options -Indexes

Save the .htaccess file. Be sure not to modify any other lines in the process. There’s a whole lot that can be accomplished using .htaccess and it can be pretty complicated.

What this will do is prevent indexing the files in that particular folder. If people try to access the folder directly, they’ll get a 403 forbidden error. At the same time, you can still link directly to files in that folder.

So, let’s say you added the .htaccess to a directory called /tmp. You can still link to, use, and send people to /tmp/picture.jpg like normal, but people won’t be able to browse the directory and find files you don’t want them to see. They won’t be able to browse the directory to see that you’ve also uploaded picture2.jpg to the same directory.

For more information, you can click this. (I wasn’t kidding when I said it could get complicated.)

Closure:

Thanks for reading today’s article. Today, we learned how to stop people from viewing the files in a directory – unless you let them know the URL, of course. It’s a pretty handy skill to have, as is basic editing of the .htaccess file.

Thanks for reading! If you want to help, or if the site has helped you, you can donate, register to help, write an article, or buy inexpensive hosting to start your own site. If you scroll down, you can sign up for the newsletter, vote for the article, and comment.