Prevent Unauthorized Directory Browsing - Prevent unauthorized directory browsing by instructing the server to serve a Forbidden Authorization Required? message for any request to view a directory. For example, if your site is missing the default index page, everything within the root of your site will be accessible to all visitors. To prevent this, include the following .htaccess rule.
# Prevent Unauthorized Directory Browsing Options All -Indexes