If you have visited a website and been greeted with a list of files instead of a webpage, the web server is configured to use directory indexes. Directory indexes can be helpful for users who need to locate unknown files, but they pose a considerable security threat, and are often used by unscrupulous individuals to locate sensitive data (e.g., passwords, Quicken files, product designs).
Due to the security issues associated with directory indexes, I prefer to disable them on the Apache web servers I support. This is easily accomplished by negating the “Indexes” option in the httpd.conf Directory and Location stanzas, or by overriding the Indexes option in an .htaccess file:
$ cat .htaccess
Options -Indexes
If an .htaccess file is used to override the web server's default directory indexing configuration, the web server will need to be configured to allow overrides. There is also a performance penalty associated with .htaccess files, since the web server needs to check for the existence of an .htaccess file in each directory it processes.
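To check an existing configuration for both points above (where Indexes is switched on or off in Directory and Location stanzas, and whether an .htaccess file would be allowed to carry an Options line), here is an added example that is not from the original post. The sample configuration, its paths and the function names audit and indexes_state are constructed for illustration; each stanza is examined on its own, without merging settings inherited from parent directories.

```python
import re

# Constructed sample httpd.conf fragment (paths are placeholders, not from the post).
SAMPLE_CONF = """\
<Directory "/var/www/html">
    Options Indexes FollowSymLinks
    AllowOverride None
</Directory>
<Directory "/var/www/html/app">
    Options -Indexes +FollowSymLinks
    AllowOverride Options
</Directory>
<Location "/downloads">
    Options All
</Location>
"""

OPEN = re.compile(r'<(Directory|Location)\s+"?([^">]+?)"?\s*>', re.I)
CLOSE = re.compile(r'</(Directory|Location)\s*>', re.I)

def indexes_state(tokens, inherited):
    """True/False if this Options line settles Indexes, else the prior state."""
    toks = [t.lower() for t in tokens]
    if any(t[0] not in "+-" for t in toks):   # absolute form replaces the whole set
        return "indexes" in toks or "all" in toks
    if "+indexes" in toks or "-indexes" in toks:
        return "+indexes" in toks
    return inherited                           # relative form that leaves Indexes alone

def audit(conf_text):
    """Return (kind, path, indexes, htaccess_may_set_options); None = not set here."""
    findings, cur = [], None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = OPEN.match(line)
        if m:
            cur = [m.group(1), m.group(2), None, None]
        elif CLOSE.match(line) and cur:
            findings.append(tuple(cur))
            cur = None
        elif cur:
            name, *args = line.split()
            if name.lower() == "options" and args:
                cur[2] = indexes_state(args, cur[2])
            elif name.lower() == "allowoverride":
                # "All" or "Options[=...]" lets .htaccess carry an Options directive
                cur[3] = any(a.lower().startswith(("all", "options")) for a in args)
    return findings
```

A stanza reported with indexes set to True is one to change to Options -Indexes; a stanza where the last field is False or None will not accept the .htaccess override shown earlier.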