One of the “must do’s” on setting a secure apache webserver environment is to disable directory browsing. As a default Apache will be compiled with this option enabled, but its always a good idea to get rid of this setting unless its really necessary. If you have some basic knowledge of vi editor follow this steps
If you are on an RPM installation of Apache (which i dont really recommend) you will find the apache configuration file probably here:
/etc/httpd/conf/httpd.conf
If you are using apache from the source tar balls ( like real men ) probably you will find the configuration file here:
/usr/local/apache/conf/httpd.conf
Using an editor like vi , edit the httpd.conf file and scroll until you find a line like this:
Options All Indexes FollowSymLinks MultiViews
To disable directory browsing carefully remove the line that says: Indexes and leave the line like this:
Options All FollowSymLinks MultiViews
Restart your apache webserver and thats it
ref : http://felipecruz.com/blog_disable-directory-listing-browsing-apache.php