[SOLVED] Force non-display of a file

[mr_mind]

I need to make apache not display a file that starts with a certain letter or symbol, i thought it would do this automatically as it did on my other server, it does not

[madmax]

More info needed.

What do you mean by "not display". Not return the content or not show it in a directory index?

You can use indexignore to prevent indexing and can prefix a file with a dot to prevent apache returning it

[mr_mind]

Apache, on my system, will return all files default, so i looked around and i finally came up with this, which does what you are saying apache should do from the start

 

<Files ~ "^\.(.+)$">

Order allow,deny

Deny from all

</Files>

[madmax]

Yes, that's quite right. Good rule!

 

Something very close to this is usually included in the default Apache config. (see below)

I rechecked my own server logs and I must have expanded the rule at some point in the past and not noted the reason for the change. A good reminder to keep copious notes in one's http.conf when things are changed!.

 

The supplied default normally blocks only ".ht*" files so it is probably worth expanding. I have a funny feeling that this may be extended on an O/S dependent basis - perhaps having a wider scope in Linux?. I use Win32 which is probably more lax thus requring the rule to be expanded.

 

I tried the following shorter rule and this also seemed to work OK on Win32 banning ".*"

 

<Files ~ "^\.">
    Order allow,deny
    Deny from all
</Files>

 

Here's the default entry which it might pay others reading this to find/edit and implement using your rule...

 

#Apache default config
# The following lines prevent .htaccess and .htpasswd files from being 
# viewed by Web clients. 
#
<Files ~ "^\.ht">
    Order allow,deny
    Deny from all
</Files>