While working on the JJTCMS, I noticed that putting in the directory name that does not have an 'index' page in gives you a list on the files in that directory in Apache. As well as being ugly, it gives an attacker information about the layout of your website, something I'm sure you would prefer they didn't have.

Luckily, Apache has a simple, yet effective way of stopping this, and instead giving a 403 Forbidden Error. To do this, simply add the line

Options -Indexes

to your .htaccess. Simple, but effective, and when a user tries to view the directory they will get a 403 error page!