How To Use .htaccess to Prevent Apache HTTPD Directory Listing
By Angsuman Chakraborty, Gaea News NetworkSunday, March 16, 2008
Apache HTTPD servers are configured by default to display directory listing, when index files like index.htm or index.html of index.php etc. are not present in the directory. This can expose sensitive information to prying eyes and are often indexed by search engines. This can compromise your data by making it visible to unintended audience. The solution is simple. You can add a line to your .htaccess file (create the file if not present) to prevent directory listing for that directory and its sub-directories:
IndexIgnore *
The * matches all files in the directory. You can also restrict only a subset of file from being displayed. For example if you would want the directory content to be listed but not include the images in the listings then you should use this command:
IndexIgnore *.png *.gif *.jpg
This would return a list of all files not ending in .png, .jpg or .gif, but would still list .txt, .html, etc.
On the other hand if your server is setup to prevent directory listing, but you want to list the directories by default, then add the following in your .htaccess file:
Options +Indexes