One of the “must do’s” on setting a secure apache web server is to disable directory browsing.
Usually apache comes with this feature enabled but its always a good idea to get it disabled unless you really need it.
First of all find where is the main apache’s config file httpd.conf is located.
Usually it will be located in path like this: /etc/apache/httpd.conf.
To edit this file you will need root access to your server.
Using some file editor like Vim or Nano open this file and find the line that looks as follows:
Options Includes Indexes FollowSymLinks MultiViews
then remove word Indexes and save the file. The line should look like this one:
Options Includes FollowSymLinks MultiViews
After it is done, restart apache (e.g. /etc/init.d/apache restart).
That’s it!