Short bio: Computer Scientist, FOSS supporter (read more)
Tux Machines (TM)-specific
A web server should be as secure as it can be.
However, you may sometimes need to quickly share the contents of a directory for web access, so you make a folder under your httpd's document root, add a simple .htaccess... and you may see the access is forbidden!
On a system aimed to security, Apache2 might have been configured to completely ignore .htaccess files.
Basically, you want to allow browsing of the contents of http://myserver/friends/ even if there is no index.html linking to files within it.