Disable Directory Listing Without Slash – Apache Config

By | May 2, 2008

Sometimes you need to deny directory listing on user input. For example, you don’t want your blog to be accessed at http://yoursite.com/blog, using only http://yoursite.com/blog/. This slash is added by mod_dir, that allows automatic adding of trailing slashes. A “trailing slash” redirect is issued when the server receives a request for a URL http://servername/foo/dirname where dirname is a directory. Directories require a trailing slash, so mod_dir issues a redirect to http://servername/foo/dirname/.

In order to deny directory listing for any reason, you need to add the following code:

<Location /some/path>
DirectorySlash Off
SetHandler some-handler
</Location>

Make sure to read the following warning (Taken from Apache web site )

Security Warning:

Turning off the trailing slash redirect may result in an information disclosure. Consider a situation where mod_autoindex is active (Options +Indexes) and DirectoryIndex is set to a valid resource (say, index.html) and there’s no other special handler defined for that URL. In this case a request with a trailing slash would show the index.html file. But a request without trailing slash would list the directory contents.

You can read more about this module at http://httpd.apache.org/docs/2.0/mod/mod_dir.html