admin/includes/ Directory Listing

The admin/includes/ directory may contain public assets such as javascript libraries and module files that may need to be publicly accessible.

It is important that Directory Listing is disabled for this directory in the web server configration to prevent unauthorized access and snooping of the contents in the directory.

After applying the following configuration, confirm the change by accessing the admin/includes/ directory with your browser. If you receive a Forbidden 403 error page, the configuration was applied successfully. If you receive an Internal Server 500 error page, undo the changes performed and contact your hosting provider or visit our support page for further help.

Apache Web Server

Create or edit the following file and add the following rule:

admin/includes/.htaccess

Options -Indexes

Microsoft Internet Information Services (IIS)

Create or edit the following file and add the following rule:

admin/includes/web.config

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  <system.webServer>
    <directoryBrowse enabled="false" />
  </system.webServer>
</configuration>

Nginx

In the server configuration, add the autoindex directive to the location block with the correct directory location:

server {
  ...

  location /admin/includes/ {
    autoindex off;
  }
}