Follow
Ubuntu Linux

Disable Nginx Directory Listing on Ubuntu 24.04

Richard
Written by
Richard
Feb 19, 2025 Updated Mar 20, 2026 3 min read
Disable Nginx Directory Listing on Ubuntu 24.04
Disable Nginx Directory Listing on Ubuntu 24.04

You disable Nginx directory listing on Ubuntu 24.04 by setting the `autoindex` directive to `off` within your Nginx server block configuration.

Directory listing, also known as `autoindex`, displays the contents of a web server directory when no default index file like `index.html` is found. Disabling it is a key security measure that prevents unauthorized users from browsing your server’s files and uncovering sensitive information.

When `autoindex` is off, attempts to access a directory without an index file will result in a 403 Forbidden error, effectively blocking access to the directory listing. This tutorial guides you through the specific steps to achieve this on your Ubuntu 24.04 system.

⚡ Quick Answer

Edit your Nginx configuration file, typically `/etc/nginx/nginx.conf`, and set `autoindex off;` within the http block. Alternatively, disable it for a specific site by adding `autoindex off;` within its server block’s location. Restart Nginx to apply changes.

Disable directory listing

The Nginx global configuration file is located at this path: /etc/nginx/nginx.conf.

You will find a line in this file dealing with directory listing. Directory listing is enabled by default.

Run the command below to open the global configuration file.

🐧Bash / Shell
sudo nano /etc/nginx/nginx.conf

The http {} block with the ‘autoindex‘ option enables or disables directory listing in Nginx globally.

💻Code
http {

        ##
        # Basic Settings
        ##

        sendfile on;
        tcp_nopush on;
        types_hash_max_size 2048;
        # server_tokens off;

        autoindex on;

....
}

Remove or add the ‘autoindex on;‘ line in the configuration to enable directory listing globally.

If you want to disable the directory listing for all content in Nginx, change the block above to the one below.

💻Code
http {

        ##
        # Basic Settings
        ##

        sendfile on;
        tcp_nopush on;
        types_hash_max_size 2048;
        # server_tokens off;

        autoindex off;

....
}

Save the exit the file.

Restart Nginx to apply your changes.

Add the ‘autoindex on;‘ to re-enable the directory listing.

Disable directory listing selectively

You can selectively disable directory listing in individual website configuration files if you do not want to change Nginx’s global configuration file.

For example, here’s a basic configuration for a website that disables directory listing.

💻Code
server {
        listen 80 default_server;
        listen [::]:80 default_server;
        root /var/www/html;
        index index.html index.htm index.nginx-debian.html;
        server_name _;
        
location / {
        autoindex off;
        try_files $uri $uri/ =404;
        }
}

This configuration only impacts the /var/www/html/ website in Nginx’s directory.

That should do it!

Conclusion:

  • Enabling directory listing allows users to see directory contents, which may be useful for public access.
  • Disabling directory listing enhances security by preventing unauthorized exploration of files.
  • The global setting in Nginx can easily be adjusted in the nginx.conf file.
  • Selective configuration in individual website files provides flexibility in managing directory listing.
  • Always remember to restart Nginx after making changes to apply the new settings.

Why is it beneficial to disable the webserver directory listing functionality?

Leaving directory listing enabled can expose critical information, such as hidden scripts, backups, or configuration files, which could be used in cyberattacks. Disabling it adds an extra layer of security, ensuring that unauthorized users cannot easily browse and analyze your server's structure.

What is directory listing enabled?

Directory listing is a web server function that can cause a vulnerability. When enabled, it displays the contents of a directory that has no index file. This function should always be turned off. It is dangerous to leave it enabled because it leads to information disclosure.

What are two remediation methods for preventing directory listing exploits?

Remediation: Directory listing This can normally be achieved in two ways: Configure your web server to prevent directory listings for all paths beneath the web root; Place into each directory a default file (such as index. htm) that the web server will display instead of returning a directory listing.

Was this guide helpful?

Tags: #Nginx #Ubuntu Linux
Was this helpful?
Richard

About the Author

Richard

Tech Writer, IT Professional

Richard, a writer for Geek Rewind, is a tech enthusiast who loves breaking down complex IT topics into simple, easy-to-understand ideas. With years of hands-on experience in system administration and enterprise IT operations, he’s developed a knack for offering practical tips and solutions. Richard aims to make technology more accessible and actionable. He's deeply committed to the Geek Rewind community, always ready to answer questions and engage in discussions.

📚 Related Tutorials

How to Setup WordPress with Nginx and Cloudflare on Ubuntu
CMS How to Setup WordPress with Nginx and Cloudflare on Ubuntu
How to Add or Remove Index Locations in Windows 11
Windows How to Add or Remove Index Locations in Windows 11

No comments yet — be the first to share your thoughts!

Leave a Comment

Your email address will not be published. Required fields are marked *