Hide/Redirect directories

[elimae17]

Hi,

this might be a very amateur question but I do not really have webserver experience so I hope someone can help. I use cPanel and WordPress for our company's website with the main domain "maindomain.com" and the addon domain "addondomain.com" for YOURLS. Their respective files are all in their own directory. cPanel automatically creates a linked subdomain if one uses addon-domain which looks like this: "addondomain.maindomain.com" (https://docs.cpanel.net/cpanel/domains/addon-domains/#subdomain-creation). The addon domain redirects to the main domain. Everything works fine.

But I noticed that some of the YOURLS directories are visible on the web. For example: ccs, images, includes etc. So when I type "addondomain.com/images" in my webbrowser, I can see the whole index of the files (see Screenshot). Is there a way to restrict access to these directories so that the user gets a error messages when trying to point to them? Or even better, that he gets automatically redirected to the main domain, like it happens with /user? Do I have to make changes to the .htaccess file, and if so, which?

My htaccess file looks like this:

# BEGIN YOURLS
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^.*$ /yourls-loader.php [L]
</IfModule>
# END YOURLS
RewriteCond %{HTTP_HOST} ^addondomain\.maindomain\.com$ [OR]
RewriteCond %{HTTP_HOST} ^www\.addondomain\.maindomain\.com$
RewriteRule ^(.*)$ "https\:\/\/maindomain\.com\/$1" [R=301,L]
RewriteCond %{HTTP_HOST} ^addondomain\.at$ [OR]
RewriteCond %{HTTP_HOST} ^www\.addondomain\.at$
RewriteRule ^/?$ "https\:\/\/maindomain\.com\/" [R=301,L]

I would really appreciate if someone could help me!

Thanks
Elias

[dgw]

Options -Indexes in the .htaccess for your domain, maybe.

Zero experience with LiteSpeed, but supposedly it Just Works with (most?) Apache directives.

[ozh]

Either you can modify the server config, as @dgw said. Other, simple and cheap option: copy the index.html from user/ in the directory you want to hide content from. Note that it does nothing from a security POV, it's just cosmetic.

[elimae17]

Thank you both for yours answers, both suggested solutions worked great!

@ozh because you said that it doesn't have an impact in terms of security, is there anything esle I should consider doing security wise to protect unwanted access or can I leave it as deafault?

[ozh]

Start with https://docs.yourls.org/ and search for "security"