Change the setting of the web.config file in the root directory as following.

<directoryBrowse enabled=”false” />

When I test my website, I was surprised to see the list of directories and files for the directory without index file.

In order to prevent my structure of the website from being revealed, I need to edit .htaceess file. However, it is hidden file and I find another way to control access. That is, the alternative is to change the setting of web.config file as above.

Now, the website is a little bit more secured.

 

References:

(1)http://blog.arvixe.com/how-to-use-the-htaccess-file/

(2) http://www.thesitewizard.com/apache/prevent-directory-listing-htaccess.shtml

Add the following line to your .htaccess file.

Options -Indexes

Make sure you hit the ENTER key (or RETURN key if you use a Mac) after entering the “Options -Indexes” words so that the file ends with a blank line.

(3) http://httpd.apache.org/docs/2.2/howto/htaccess.html