Yes, blocking directory index is a good idea in web apps. The index.*
file is interpreted by web server instead of providing standard directory listing. Creating an empty index.*
file is ony one (although the easiest and compatible with all(?) http servers) way of blocking users from viewing the contents of the directory. Another way is to configure webserver to not serve the directory index. In Apache this can be done in the .conf
file with
Options -Indexes
in the <Directory>
clause. Or you might tell apache to:
AllowOverride All
And create a .htaccess
in the directory containing:
Options -Indexes
line.