Ftp security

Hey all
I have question if you dont mind mee ask.
I have apache, ftp and mysql installed in centos.
when you enter the http : // ip address
Apache gets the user name and password on page , checks with mysql and opens ftp to user
however if I type the http : // ip address/ftp/ I am able to access all data without entering user and password which is kind of an open gate that we do not want.
basically user ftp directory is /var/www/ftp and whoever types my server url and adds /ftp , he is able to see all ftp content. I do not know it is apache or ftp user issue

I think I am missing somethings.
Do you guys have any idea about that?
all suggestions are more than welcome.
thank you in advance

What exactly is http://ip address/ftp ? How is your FTP server set up? Going to http:// will display a web page (or files). You can deny access to directory listings via Apache if this is what you want.

However, if you meant that you typed ftp://ip address/ftp, then my question would be: When did you try this? If immediately after ftp://ip address, then the user/pass was probably stored on the machine (cookie or whatnot).

thank you
You were right
as you said "You can deny access to directory listings via Apache if this is what you want."
httpd.conf
To disable directory listing
Options Indexes FollowSymLinks
I just removed ‘Indexes’ from the line.
I appreciate.

Glad you got it sorted... and thanks for posting back what you did.