What is open directory listing

By default, if a website does not include an index file in a directory it will display all files and allow for browsing. Depending on the files this can be harmless. However, websites often store backup files and sensitive information within a folder and so if directory listing is enabled an attacker may be able to stumble upon these.

Although it is often overlooked, directory listing can easily be disabled by making use of a .htaccess file and using the following instruction.

Options -Indexes
ErrorDocument 403 /index.php

So, what exactly is happening here? The first line Options -Indexes is simply restricting access to directories. Should an attacker try to access a directory they will be displayed a 403 forbidden page. The following line ErrorDocument 403 /index.php informs the webserver to redirect to the root index file should a 403 error be displayed.

Make a suggestion +

Notice something not quite right? That's fine we're not perfect. Why not make a suggestion on our community forum, you should be able to see the correct formatting below.

Page Title:
Make suggestion

Still need help?

Are you having trouble using arctil? Why not try reaching out to our Community Forum.

Alternatively, you can try contacting us through the Contact page.