Jump to content

Recommended Posts

Yes, that's quite right. Good rule! ;)

 

Something very close to this is usually included in the default Apache config. (see below)

I rechecked my own server logs and I must have expanded the rule at some point in the past and not noted the reason for the change. A good reminder to keep copious notes in one's http.conf when things are changed!.

 

The supplied default normally blocks only ".ht*" files so it is probably worth expanding. I have a funny feeling that this may be extended on an O/S dependent basis - perhaps having a wider scope in Linux?. I use Win32 which is probably more lax thus requring the rule to be expanded.

 

I tried the following shorter rule and this also seemed to work OK on Win32 banning ".*"

 

<Files ~ "^\.">
    Order allow,deny
    Deny from all
</Files>

 

Here's the default entry which it might pay others reading this to find/edit and implement using your rule...

 

#Apache default config
# The following lines prevent .htaccess and .htpasswd files from being 
# viewed by Web clients. 
#
<Files ~ "^\.ht">
    Order allow,deny
    Deny from all
</Files>

 

 

 

 

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.