Most web developers forget to secure the assets folders in their public directory. The real problem comes when you store your users' profile photos or other sensitive information that you don't want others to see. A spammer can sweep through your entire unprotected image directory and download everything. For example, if you store all images in the assets/images folder, a spammer can see all of them by going to yoursite.com/assets/images. This is very dangerous, and it is a simple mistake you don't want to make.
Here is the solution. There are two approaches.
1) By using .htaccess file
Put a .htaccess file in the parent directory you want to protect. For example, if you want to protect the images folder inside the assets folder, put a .htaccess file in the assets folder. All subdirectories of the assets folder will be secured automatically. This is the easiest method if you have a lot of subdirectories in the public assets folder. Here is the code for the .htaccess file:
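# Disable automatic directory listings (a request for the folder returns 403 Forbidden)
Options -Indexes
# or, where listings stay enabled, hide every file from them
IndexIgnore *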
2) By using an index.html file
This method works well with all Apache servers. The concept is simple: the Apache server loads your index.html file first when that folder is accessed. The main advantage of this approach is that you can customise your error message with some CSS so it looks better when a spammer accesses that directory. The main drawback is that you need to put an index.html file in all subdirectories too. Here is the sample code for the index.html file:
<!DOCTYPE html>
<html>
<head>
<title>403 Forbidden</title>
</head>
<body>
<p>Directory access is forbidden.</p>
</body>
</html>
The Linux command to copy the index.html file to all subfolders is given below:
find . -mindepth 1 -type d -exec cp index.html {} \;
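To confirm that no folder was missed by either approach, the following script (an added example, not part of the original post) lists every folder under a web root that has neither an index.html of its own nor a .htaccess containing Options -Indexes in it or in a parent folder. The function names and the sample tree are made up for the example, and it assumes the server honours .htaccess Options overrides and serves index.html as the directory index.

```shell
#!/bin/sh
# Added example: audit a web root for folders where Apache could still list files.
# It only checks for the two protections described on this page.

# True if DIR, or a parent up to TOP, has a .htaccess with "Options ... -Indexes".
covered_by_htaccess() {
    dir=$1
    top=$2
    while :; do
        if [ -f "$dir/.htaccess" ] &&
           grep -Eiq '^[[:space:]]*Options[[:space:]].*-Indexes' "$dir/.htaccess"; then
            return 0
        fi
        [ "$dir" = "$top" ] && return 1
        dir=$(dirname "$dir")
    done
}

# Print each folder under ROOT that has no index.html and no covering .htaccess.
audit_listing() {
    root=${1%/}
    find "$root" -type d | sort | while IFS= read -r d; do
        [ -f "$d/index.html" ] && continue
        covered_by_htaccess "$d" "$root" && continue
        printf '%s\n' "$d"
    done
}

# Constructed sample tree: assets/ uses .htaccess, uploads/ uses index.html.
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/site/assets/images/users" "$tmp/site/uploads/2024" "$tmp/site/css"
    printf 'Options -Indexes\n' > "$tmp/site/assets/.htaccess"
    : > "$tmp/site/uploads/index.html"
    (cd "$tmp" && audit_listing site)
    rm -rf "$tmp"
}

demo
```

Run against the sample tree it prints site, site/css and site/uploads/2024; the last one shows that an index.html in uploads does not cover its subfolders. Hiding a listing does not stop anyone from fetching a file whose URL they already know.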
Comment below if you have any better suggestions or ideas.