Displaying Directories

Websites commonly use directories or folders to organize the website files. Typical directories are css, images, and includes. Can people look at what is in your directories? Try this: your-domain.com/images/ and see if you get a list of files.

It could be a security issue if people can see into the directories of your website and select files to see. It is normally a better situation to prevent people from seeing your directories.

There are various ways to deal with this situation.

Here is one government site where you can see the list of images:

http://quake.usgs.gov/images/

Depending on many factors, you might get an error message like this:

Forbidden

You don't have permission to access /images/ on this server.

One way to deal with the situation is to add an index.htm or index.html file to the directory and display an error message.

I do not care for any of these scenarios.

I create the following kinds of redirect statements in the .htaccess file.

Benefits:

There is no error message displayed.
People cannot look in the directories to see what files are there.
Anyone that tries to display a directory just sees the website homepage.
The index.htm files do not have to be physically present.

Redirect /css/index.htm http://www.wizard-creek.com/index.htm
Redirect /dwt/index.htm http://www.wizard-creek.com/index.htm
Redirect /images/index.htm http://www.wizard-creek.com/index.htm

Example

Follow the link to see one example:
http://www.wizard-creek.com/images/ trying to look at the directory will send you to the home page.