"Description" field in directory display

Discussion in 'Apache' started by capricorn, Jul 9, 2026 at 8:09 PM.

  1. #1
    On the rare occasions that I have enabled the display of the contents of a web directory on my site (via "Options +Indexes"), I wondered what the intended meaning is of the "Description" field that appears next to each file name. Do I have control over the contents of this field (which, in my experience, has always been blank)? If I do, then how?
     
    Solved! View solution.
    capricorn, Jul 9, 2026 at 8:09 PM IP
  2. #2
    You have complete control over that field. You just need to add AddDescription "Your text here" filename.ext to your .htaccess file. However, only do this if you are comfortable editing that file, otherwise, you can just leave it alone, as it won't change anything noticeable.

    You have a much more serious issue to address. When you use Options +Indexes, you allow anyone to browse your server folders. Hackers can break into those folders or steal your passwords.

    It is highly recommended to use Options -Indexes (with a minus sign) to disable directory browsing. Again, only do this if you know what you are doing, otherwise, find someone who does.



     
    qwikad.com, Jul 10, 2026 at 4:45 AM IP
  3. capricorn

    capricorn Peon

    Messages:
    2
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    1
    #3
    Thank you very much for this helpful answer. If I may impose on you further, in my particular case the directory I am displaying contains no files that should not be viewed by outsiders, and the parent directory has an index.html file. Is it still dangerous to use use Options +Indexes in this directory? BTW, I am a fairly experienced programmer and can edit files on my server.
     
    capricorn, Jul 10, 2026 at 11:31 AM IP
  4. qwikad.com

    qwikad.com Illustrious Member Affiliate Manager

    Messages:
    7,475
    Likes Received:
    1,757
    Best Answers:
    32
    Trophy Points:
    475
    #4
    Reading your reply, maybe there's no immediate danger then. But it is still a security risk because future files or subdirectories you add could accidentally expose sensitive data to automated scrapers. If you decide to keep directory browsing active, you should at least hide your sensitive files using something like this (adjust it to match your own configurations):

    Options +Indexes
    # Hide .htaccess, php files, logs, and hidden dotfiles from the list
    IndexIgnore .htaccess .htpasswd *.php *.log .*
    Code (markup):
     
    qwikad.com, Jul 10, 2026 at 5:54 PM IP