DirectoryIndex
(part of mod_dir) sets the file to serve when the client requests a directory. So, to restrict access to this file, you need to use a <Files>
(or <FilesMatch>
) directive. (You can't reference whatever file(s) the DirectoryIndex
directive refers to.)
For example, if your DirectoryIndex
is set to index.html
, then:
<Files "index.html">
AuthUserFile C:\XXXXXXXXX\htpasswd
AuthGroupFile /dev/null
AuthName "Password Protected!"
AuthType Basic
Require valid-user
</Files>
If you have multiple possible DirectoryIndex
documents then you can use a <FilesMatch>
container instead that takes a regex as its argument. For example, if DirectoryIndex index.php index.html
is set then:
<FilesMatch "^index\.(html|php)$">
# etc.
</FilesMatch>
Or, by "directory indexing", are you referring to generated directory-listings (mod_autoindex)? But this has little to do with DirectoryIndex
itself, except that (if enabled) the directory listing is only generated when the DirectoryIndex
document does not exist.
In this case, to protect the directory-listing only (i.e bare directory) then you can also use a Files
container, but specify an empty file. For example:
# Protect directory-listing only
<Files "">
# etc.
</Files>
<Limit DirectoryIndex>
The Limit
directive restricts the enclosed directives to the stated HTTP request method(s) (ie. GET, POST, etc.). DirectoryIndex
is an Apache directive, not an HTTP request method, so this is invalid.