How to prohibit directory listing in php: first find and open the "httpd.conf" file; then add the "–" symbol in front of "Indexes" in "Options Indexes FollowSymLinks"; finally save the changes.
Recommended: "PHP Video Tutorial"
Configuration method to disable display of directory file list in Apache
If you enter the address of a virtual directory: http://localhost:8080/b/
If there is no index.html in the virtual directory, the browser will also display the directory structure of the virtual directory. List the files and subdirectories under this virtual directory.
How to prevent Apache from displaying directory listing?
To prevent Apache from displaying the directory structure list, just remove Indexes in Option.
For example, let’s take a look at the directory configuration of a directory:
<Directory "D:/Apa/blabla">
Options Indexes FollowSymLinks #----------> Options FollowSymLinks AllowOverride None
Order allow,deny
Allow from all
</Directory>You only need to remove Indexes in the red code above to prevent Apache from displaying the directory structure. The user will not see the list of files and subdirectories in this directory.
The function of Indexes is to display the directory structure when there is no index.html file in the directory. If Indexes is removed, Apache will not display the list of the directory.
If set like this, the directory list may still be displayed:
<Directory / >
Options FollowSymLinks AllowOverride None
Order allow,deny
Allow from all
</Directory>Second method
Edit the httpd.conf file Edit the httpd.conf file
vi ./conf/httpd.conf
Find the following content:
……
<Directory “C:/Program Files/Apache2.2/htdocs”>
#
# Possible values for the Options directive are “None”, “All”,
# or any combination of:
Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
#
# Note that “MultiViews” must be named *explicitly* — “Options All”
# doesn’t give it to you.
#
# The Options directive is both complicated and important. Please see
# http://httpd.apache.org/docs/2.2/mod/core.html#options
# for more information.
#
Options Indexes FollowSymLinks
#
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be “All”, “None”, or any combination of the keywords:
# Options FileInfo AuthConfig Limit
#
AllowOverride None
#
# Controls who can get stuff from this server.
#
Order allow,deny
Allow from all
</Directory>
……Add the – symbol in front of Indexes in Options Indexes FollowSymLinks.
That is: Options -Indexes FollowSymLinks
[Note: before Indexes, adding means allowing directory browsing; adding – means prohibiting directory browsing. 】
In this case, the entire Apache prohibits directory browsing.
If it is in a virtual host, just add the following information:
<Directory “D:\test”>
Options -Indexes FollowSymLinks
AllowOverride None
Order deny,allow
Allow from all
</Directory>In this case, directory browsing under the test project is prohibited.
Note: Remember not to change "Allow from all" to "Deny from all", otherwise, the entire website cannot be opened.
There is another method:
You can enter
<Files *> Options -Indexes </Files>
in the .htaccess file in the root directory to prevent Apache from listing the directory structure.
The above is the detailed content of How to prohibit directory listing in php. For more information, please follow other related articles on the PHP Chinese website!
ACID vs BASE Database: Differences and when to use each.Mar 26, 2025 pm 04:19 PMThe article compares ACID and BASE database models, detailing their characteristics and appropriate use cases. ACID prioritizes data integrity and consistency, suitable for financial and e-commerce applications, while BASE focuses on availability and
PHP Secure File Uploads: Preventing file-related vulnerabilities.Mar 26, 2025 pm 04:18 PMThe article discusses securing PHP file uploads to prevent vulnerabilities like code injection. It focuses on file type validation, secure storage, and error handling to enhance application security.
PHP Input Validation: Best practices.Mar 26, 2025 pm 04:17 PMArticle discusses best practices for PHP input validation to enhance security, focusing on techniques like using built-in functions, whitelist approach, and server-side validation.
PHP API Rate Limiting: Implementation strategies.Mar 26, 2025 pm 04:16 PMThe article discusses strategies for implementing API rate limiting in PHP, including algorithms like Token Bucket and Leaky Bucket, and using libraries like symfony/rate-limiter. It also covers monitoring, dynamically adjusting rate limits, and hand
PHP Password Hashing: password_hash and password_verify.Mar 26, 2025 pm 04:15 PMThe article discusses the benefits of using password_hash and password_verify in PHP for securing passwords. The main argument is that these functions enhance password protection through automatic salt generation, strong hashing algorithms, and secur
OWASP Top 10 PHP: Describe and mitigate common vulnerabilities.Mar 26, 2025 pm 04:13 PMThe article discusses OWASP Top 10 vulnerabilities in PHP and mitigation strategies. Key issues include injection, broken authentication, and XSS, with recommended tools for monitoring and securing PHP applications.
PHP XSS Prevention: How to protect against XSS.Mar 26, 2025 pm 04:12 PMThe article discusses strategies to prevent XSS attacks in PHP, focusing on input sanitization, output encoding, and using security-enhancing libraries and frameworks.
PHP Interface vs Abstract Class: When to use each.Mar 26, 2025 pm 04:11 PMThe article discusses the use of interfaces and abstract classes in PHP, focusing on when to use each. Interfaces define a contract without implementation, suitable for unrelated classes and multiple inheritance. Abstract classes provide common funct
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
AI Hentai Generator
Generate AI Hentai for free.
Hot Article
Hot Tools
ZendStudio 13.5.1 Mac
Powerful PHP integrated development environment
PhpStorm Mac version
The latest (2018.2.1) professional PHP integrated development tool
SecLists
SecLists is the ultimate security tester's companion. It is a collection of various types of lists that are frequently used during security assessments, all in one place. SecLists helps make security testing more efficient and productive by conveniently providing all the lists a security tester might need. List types include usernames, passwords, URLs, fuzzing payloads, sensitive data patterns, web shells, and more. The tester can simply pull this repository onto a new test machine and he will have access to every type of list he needs.
DVWA
Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is very vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, to help web developers better understand the process of securing web applications, and to help teachers/students teach/learn in a classroom environment Web application security. The goal of DVWA is to practice some of the most common web vulnerabilities through a simple and straightforward interface, with varying degrees of difficulty. Please note that this software
VSCode Windows 64-bit Download
A free and powerful IDE editor launched by Microsoft
