One of the must do on setting a secure Apache webserver is to disable directory browsing. This could prevent the server from showing a listing of the existing files if there’s no index in one folder.
Disable directory browsing via .htaccess
Add in the .htaccess file the following
Options -Indexes