All web servers are configured to display a default page for a directory if a default file exists. That is how your home page is found and displayed when someone enters only a domain name as the URL of a web site. The server is configured to search a list of default file names, and if it finds a match, it displays that page. The default file names could be similar to those shown below.

index.htm

index.html

index.shtml

index.php

When someone goes to your site by typing in your URL, the index file is what they normally see first.  This prevents viewing other pages or files you may have in the root directory.  What your visitor actually sees in this case is your home page.

The other directories (sub-folders) on your website, the ones below your root directory, which is typically called “public”, or “public_html”, do not normally have this index file.  If the index page is not there, your visitor may be able to view every web page or file you have in that directory.  A folder without an index file is open and everyone can find your product if they search for it.  You thus should create an index page for all your folders.

You can verify whether or not your site is configured to prevent directory listing. To test this, enter in your web browser your domain name followed by the name of any directory that exists on your site (e.g. URL/temp). Doing this should either generate a browser error page or list the contents of the directory.

If we assume you have a sub-directory named temp as given by the previous example, you will see the following if directory listing is not prevented.

Index of /temp

Name                  Last Modified         Size
Parent Directory      30-Apr-2009 11:09     -
document1.txt         29-Apr-2009 10:03     20k
document2.pdf         28-Apr-2009 06:10     1831k
document3.doc         27-Apr-2009 09:10     568k

The above example shows the complete directory listing of the folder called temp.  All someone has to do is to click on the file to open and possibly modify it.  They can also download any of the files in the directory.  If you happen to be in this situation, you need to add some website protection to your sub-folders.

We see then that if no index page exists on a server configured to prevent listings, an error is normally generated. But when a server is configured to allow a directory listing, the directory index is displayed rather than generating an error.

The index page can be used in any directory on a web site except those directories that already utilize an index page or default page. This includes the root directory. Never place one of these files in the root directory, never overwrite an index page or default page that already exists and never place an index page in a directory where another index page or default page already exists.

The sub-folder index page does not have to be anything special. It can be a very simple HTML page, as you are only using it to close the door on your folders. The following shows a simple index page you can use.

——————————————————————-




——————————————————————–

The above would show a blank web page. Instead of seeing all the files that you have in sub-folder temp, they would simply see a blank web page.

If you want, you can put some text or graphics between

and

 

You can add some text that perhaps says:

“Internal server error.  Please contact system administrator.”

The text will give the impression that the person trying to get into your site, caused some type of server error and so will hopefully stop them from going any further.  The modified index page is shown below.

———————————————————————

<h1>Server Error</h1>
<p>Internal server error.&nbsp; Please contact system administrator.</p>

———————————————————————
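The advice above (give every sub-folder an index page, leave the root alone, never overwrite an existing index or default page) can be checked and applied with a short script. This is an added example, not code from the original article: the function names, the sample directory tree and the blank placeholder page are constructed for illustration, and the default file names are the four listed earlier.

```python
import os
import tempfile

# Default file names from the list earlier on this page.
INDEX_NAMES = ("index.htm", "index.html", "index.shtml", "index.php")
# Constructed placeholder (an assumption): a page with an empty body.
BLANK_PAGE = "<html>\n<head><title></title></head>\n<body>\n</body>\n</html>\n"


def dirs_missing_index(docroot, index_names=INDEX_NAMES):
    """Return sub-directories (relative paths) that hold no default file."""
    root = os.path.abspath(docroot)
    missing = []
    for path, dirs, files in os.walk(root):
        dirs.sort()  # deterministic traversal order
        if path == root:
            continue  # the root already has its home page; leave it alone
        if not set(index_names) & set(files):
            missing.append(os.path.relpath(path, root))
    return missing


def add_placeholders(docroot, name="index.html"):
    """Write the blank page into every directory that lacks a default file."""
    created = []
    for rel in dirs_missing_index(docroot):
        # Mode "x" raises instead of overwriting an index that appeared meanwhile.
        with open(os.path.join(docroot, rel, name), "x", encoding="utf-8") as fh:
            fh.write(BLANK_PAGE)
        created.append(rel)
    return created


def build_sample_site(root):
    """Constructed sample tree used only for this demonstration."""
    for rel in ("temp", "images", os.path.join("docs", "old")):
        os.makedirs(os.path.join(root, rel))
    for rel in ("index.html", os.path.join("images", "index.php"),
                os.path.join("temp", "document1.txt")):
        with open(os.path.join(root, rel), "w", encoding="utf-8") as fh:
            fh.write("original")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as site:
        build_sample_site(site)
        print("no index file:", dirs_missing_index(site))
        print("placeholder added:", add_placeholders(site))
        print("still exposed:", dirs_missing_index(site))
```

Run it against a copy of the document root first. The names it checks must match the default-file list your own server is configured with.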


Source by Joseph Schembri
