The includes/ directory may contain public assets such as javascript libraries and module files that may need to be publicly accessible.
It is important that Directory Listing is disabled for this directory in the web server configration to prevent unauthorized access and snooping of the contents in the directory.
After applying the following configuration, confirm the change by accessing the includes/ directory with your browser. If you receive a Forbidden 403 error page, the configuration was applied successfully. If you receive an Internal Server 500 error page, undo the changes performed and contact your hosting provider or visit our support page for further help.
Create or edit the following file and add the following rule:
includes/.htaccess
Options -IndexesCreate or edit the following file and add the following rule:
includes/web.config
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<directoryBrowse enabled="false" />
</system.webServer>
</configuration>In the server configuration, add the autoindex directive to the location block with the correct directory location:
server {
...
location /includes/ {
autoindex off;
}
}