How to configure the server to restrict a user from accessing the directory structure, by changing the URL?

for example: if the server redirects the user to the following URL upon successful login.

currently, if i try change the URL to say, http://mysite/dir1/

even though there is no index webpage, the directory structure gets exposed here. how do i go about restricting the user from accessing the directory structure and throw an error message at him like "you are not authorised to view this", whenever a "smarty-pants" user tries to edit the URL manually.

The user should only be able to see the webpages which the server redirects him to. nothing else.