Apache’s web server default behaviour allows users visiting your website to see the contents of a directory if you haven’t defined a default index file (e.g. index.html or index.php).
Leaking such kind of information to the world is very dangerous because malicious users are given a better clue of your website structure or the building blocks of your web application.
In this, guide, we will show you how to disable directory browsing on cPanel and make your website more secure.
- A domain name e.g. www.example.com
- Web hosting account that supports Cpanel
- Cpanel username and password.
Step 1: Login to your cPanel account
First, visit your cPanel account by typing the domain name followed by ‘/cpanel’. Enter your username and password and click on ‘Login’
Step 2: Locate Index manager from the dashboard
In cPanel dashboard, type the word ‘indexes’ on the search box as shown below and click the icon that appears below:
Step 3: Use Index Manager to disable directory listing
On the next screen, cPanel Index Manager will display all the top level directories from your hosting account. You need to select the directory that you want to customize. So, because you are protecting directories under the root of your website, select the ‘public_html’ folder
Next there is an option for customizing how your web directories will be viewed on the web.
The index manager allows you to choose from different options including:
- Default System settings,
- No Indexing,
- Standard Indexing
- Fancy Indexing
To completely switch off directory listing on your account, choose ‘No Indexing’ as shown on the image below:
Step 4: Testing the setup
Create a new ‘test’ directory under the ‘public html’ folder using cPanel file manager
Then, visit your new ‘test’ directory on a web browser using the URL ‘www.example.com/test’. Remember to replace ‘example.com’ with your domain name. If directory listing was disabled successfully, you should see the error message below.
That’s all when it comes to disabling directory browsing in your cPanel account. From this point forward, anyone trying to visit a directory with no default page will get a forbidden error message. This will add a new layer of security to your website because users will no longer be able to view the structure of your website or web application.