Disabling Directory Browsing in Linux/Apache

I have a web hosting customer who wants directory browsing disabled.Meaning if someone puls up URL he doesnt want them to see his directory listing. I have researched and tried many thing which havent worked. First I have come to the conclusion that this is fixed by editing on of the 3 httpd.conf-srm.conf or access.conf. I have attempted making a directive in the virtual host block next to options which said -Indexes. This did not work.I tried using an .htaccess file for 404 errors that didn't work. I've searched these files looking for a comment allowing this on my server and can't find anything.Below is a sample virtual host block if that helps.I've changed the IP/domain to protect the innocent =) I really need some help Ive been searching for days, Ive looked at apache's site and their answers didnt work either. THANKS TO ANYONE WHO CAN HELP!!!

<VirtualHost 11.11.11.111>
<Directory /home/$user/www/serversecure>
Options +ExecCGI +FollowSymLinks
AllowOverride All
</Directory>
ServerAdmin webmaster@user.com
DocumentRoot /home/$user/www
ServerName user.com
ServerAlias URL
Group nobody
ErrorLog logs/user.com.error_log
CustomLog logs/user.com.access_log wusage
ScriptAlias /cgi-bin/ /home/$user/www/cgi-bin/
</VirtualHost>

THANKS AGAIN!

>>I have attempted making a directive in the virtual host block next to options which said -Indexes. This did not work.

You need to run apachectl graceful. If you have done that, then scroll down and see below. Your customer is seeing the directory listing because you have enabled it globally.

<VirtualHost 11.11.11.111>
<Directory /home/$user/www/serversecure>
Options +ExecCGI +FollowSymLinks -Indexes
AllowOverride All
</Directory>

One thing you need to check now is whether or not there is an .htaccess file at /home/$user/www/serversecure/.htaccess. His own .htaccess can override everything you have listed in Options above since you have AllowOverride All enabled. Of course, you also can tell that customer to place an .htaccess in /serversecure directory himself with Options -Indexes in it. If this doesn't work still, there must be some misconfiguration somewhere in your httpd.conf.

Thanks for the reply. Unfortunately im still a bit of a newbie.Or at least everytime someone comes up with something off the wall i feel like one. The serversecure block relates to our user interface and it does have an .htaccess file but it is related to password protecting the user interface.This customer just wants his folders he creates to be unbrowsable. Im afraid i dont know what you mean when you say run the <b>apachectl graceful</b>. Do i have to run this no matter what or can i tell this person to put an .htaccess file saying Options -Indexes in every folder he doesnt want browsed? If this is the case is it just a file that says that or do I need to include something else in the file along with that line?

Thanks for the help!

According to your setting, the docroot is /home/$user/www for him, so by placing an .htaccess in /home/$user/www/.htaccess with Options -Indexes should disable directory browsing for his site entirely (including his cgi-bin, which is also under www dir).

First off, is /home/$user/www a symlink? If so, you should add Options +FollowSymLinks to /home/$user/www directory. Of course, if your httpd.conf currently doesn't have a global directory block for /home/*/www, you then need to add one. What I mean global is the one that apply for all /home/*/www users.

i.e.

<Directory /home/*/www>
Options Indexes FollowSymLinks ExecCGI
AllowOverride All
</Directory>

You also should remove this entirely:

<Directory /home/$user/www/serversecure>
Options +ExecCGI +FollowSymLinks
AllowOverride All
</Directory>

You, as the host, don't need to do this, you have AllowOverride All enabled, so let your particular users to do it themselves.

apachectl graceful is to restart apache to re-read your httpd.conf. You, as the host, definitely don't want to do that. So the best way to solve that customer's problem is to tell him to put an .htaccess file to his /home/thatcustomer/www/.htaccess with Options -Indexes. This way, his changes only apply to his site and not affecting other customers who want to have directory browsing enabled.