Come together with the global Drupal community in Rotterdam, 28 Sept – 1 Oct 2026. Sessions, contribution, connection, and Early Bird savings until 8 June.
By TSNetwork on
Hello,
I've noticed anyone can view any directory of a standart Drupal system freely, for example you can open example.com/modules in your browser and the directory will pop up with all the files in it!
Is this normal? Many sites lead to a 404 in such cases to protect the files, even drupal.org shows a 403 Forbidden error.
How can this be done?
Comments
No, this is not normal.Most
No, this is not normal.
Most probable cause: the default .htaccess file that is shipped with Drupal was not uploaded to the server. (This is quite a common occurrence as many FTP clients consider it a hidden file to be ignored)
Steps to take:
– check whether the root directory contains a file named
.htaccess;– if the file is missing (or is of considerably smaller size than one shipped with Drupal), upload it using a different FTP client or check settings of whatever you use for file transfer;
– if the file is there but has no effect, consult your hosting provider.
Edited: note in italics (shared hosting accounts normally come with their own default .htaccess file which is however not out of box suitable for Drupal)
Thank you for the huge help!
Thank you for the huge help! As it turned out, the htaccess was really missing for some reason from the Drupal root folder. And there I was trying to fix the htaccess in the root of the domain... I wonder what happened.