Disable directory indexing
Directory indexing allows web servers to list the contents of directories
when no default file (like an index file) is present. If enabled, it can
expose sensitive file structures to the public or search engines.
This section explains how to disable directory indexing for TYPO3 across common web servers.
Disable indexing in Apache (.htaccess)
This applies to Apache web servers, especially in shared hosting environments
where configuration is done via .htaccess files.
In Apache, directory indexing is controlled by the Indexes flag within the
Options directive.
TYPO3's default .htaccess disables indexing with the following setting:
<IfModule mod_autoindex.c>
    Options -Indexes
</IfModule>
Alternatively, set this directly in your Apache site configuration:
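<IfModule mod_autoindex.c>
    <Directory /var/www/myhost/public>
        # Options listed without + or - replace any inherited options,
        # so Indexes is not enabled for this directory.
        Options FollowSymLinks
    </Directory>
</IfModule>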
See the Apache Options directive documentation for more information.
Disable indexing in Nginx (server block)
This applies to Nginx installations where settings are configured in the server block (virtual host configuration).
Although directory listing is disabled by default in Nginx, you can explicitly
disable it by setting autoindex off; as follows:
server {
    root /var/www/myhost/public;

    # location matches the request URI, not a filesystem path
    location / {
        autoindex off;
    }
}
Disable indexing in IIS (Windows Server)
This applies to IIS web servers on Windows Server systems.
Directory listing is disabled by default. If enabled, you can turn it off using the IIS Manager:
- Open the Directory Browsing settings
- Set the feature to Disabled
Or use the command line:
appcmd set config /section:directoryBrowse /enabled:false
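To confirm the setting took effect on any of the three servers, request a directory that has no index file and check that the response is not a generated listing. The following Python check is an added example, not part of the TYPO3 documentation; example.org, the directory names and the sample responses are constructed, and the markers assume the default listing pages of Apache, Nginx and IIS.

```python
import re
import urllib.error
import urllib.request

# Default listing pages: Apache mod_autoindex and Nginx autoindex emit
# "Index of /path" in <title> and <h1>; IIS emits "[To Parent Directory]".
LISTING_MARKERS = (
    re.compile(r"<(title|h1)>\s*Index of /", re.I),
    re.compile(r"\[To Parent Directory\]", re.I),
)

def is_directory_listing(status, body):
    """True when a 200 response body looks like a server-generated index."""
    return status == 200 and any(m.search(body) for m in LISTING_MARKERS)

def fetch(url, timeout=10):
    """GET a URL and return (status, body); HTTP errors count as results."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, resp.read(65536).decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, ""

def audit(base_url, directories, fetcher=fetch):
    """Return the directory URLs under base_url that still expose a listing."""
    exposed = []
    for d in directories:
        url = base_url.rstrip("/") + "/" + d.strip("/") + "/"
        status, body = fetcher(url)
        if is_directory_listing(status, body):
            exposed.append(url)
    return exposed

# Constructed sample responses (not captured from a real server).
SAMPLES = {
    "https://example.org/uploads/": (200, "<html><head><title>Index of /uploads</title></head>"),
    "https://example.org/iis-dir/": (200, '<pre><A HREF="/">[To Parent Directory]</A><br>'),
    "https://example.org/protected/": (403, "Forbidden"),
    "https://example.org/site/": (200, "<html><title>Welcome</title></html>"),
}

def sample_fetcher(url):
    return SAMPLES[url]

if __name__ == "__main__":
    dirs = ["uploads", "iis-dir", "protected", "site"]
    for url in audit("https://example.org", dirs, sample_fetcher):
        print("listing exposed:", url)
```

Against your own site, call audit() with its base URL and the directories that have no index file, leaving the default fetcher in place; an empty result means no listing was served.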