My solution to stop displaying directory's content as list and display 404 error is simple. Create .htaccess file in root directory of your project and write which directories should be protected.
Directories structure
- your_root_directory
- .htaccess
- 404.html
- index.html
- app
- other files I do not want to show
- models
- other files I do not want to show
.htaccess
RewriteEngine On
RewriteRule ^app/ - [R=404,L]
RewriteRule ^models/ - [R=404,L]
ErrorDocument 404 /your_root_directory/404.html
The second line of .htaccess disallow access to list items in app directory and all its subridectories.
The third line of .htaccess disallow access to list items in models directory and all its subridectories.
The fourth of .htaccess line sets our own 404 error (if you do not want to show apache default error).
Remember to clear cache on your browser when you work with htaccess.