Protect Your Server By Turning Off Index Browsing By: Garrett Blanton - March 10, 2010 JVF Consulting takes great pride in making sure all of our websites are secure when they’re deployed. Visitors to your website should not be able to browse or download files they’re not supposed to. For those of you with Apache servers who haven’t disabled index browsing these steps will help protect your files from being exposed to the public. When you deploy a website on an Apache server, it can be vulnerable unless you protect it by applying the most basic security feature, disabling directory browsing. To disable directory browsing in apache web server you need to edit the .htaccess file located in the root directory. To disable directory browsing using .htaccess first locate and open the htaccess file. If you do not see a line that says Options –Indexes, create a new line and add it. Once the file is saved and uploaded your website is now secure. For those of you who have cPanel installed on their hosting environment, first login to your cPanel dashboard. Next, click on Index Manager. From there you will be taken to a directory list. Click on the directory name which you want to disable. Select the No Indexing box, and click Save. The directory browsing feature is now disabled. This simple 5 minute step of precaution could save you hours of hard work if your server was ever compromised. Here is an example of the 404 page you will be redirected to if you setup the htaccess file correctly.