when ever the client use my domain and put a / after it, my whole hosted containts are exposed. i tryed putting permission .but not working. even worse, if client click on a containt, let’s say a file, it’ll download. how can i fix this?

do you mean its showing a list of directory contents?

just create a blank file called index.html or index.php in the folder your talking about. You can also do it with .htaccess and apply it to the whole domain if you want that, it will disable it.

What is your url please?