Ad: Download FREE Network Inventory Software from Spiceworks

Linux Servers and Apache Discussion Thread
Unsolved
Views: 12911

Page 1
2
Next

You are currently viewing page 1 of this multi-page discussion thread

Jul 11th, 2003

Disable access to .htaccess

Expand Post »

What can I do to disable public downloading of my .htaccess file? I am on a Linux box. I can't chmod the file because the web browser still needs access to it, obviously. I know that there is a line I can add to it so that it gives the user a 403 Permission Denied error upon directly accessing it, but I don't remember what it is. Anyone know?

Similar Threads

Block direct access (help) in PHP
Disable access to internet - windows and Linux in C++
Disable access/hide/lock/ to start menu/task manager/time & date when form load.. in Visual Basic 4 / 5 / 6
Web pages accessed by me only? in PHP
301 redirect problem and I do not have server access in HTML and CSS

cscgal

Administrator

Staff Writer

Reputation Points: 1422

Solved Threads: 162

The Queen of DaniWeb

Offline

13,645 posts
since Feb 2002

Permalink

Jul 12th, 2003

Re: Disable access to .htaccess

To prevent viewing of htaccess files use:

(Toggle Plain Text)

<Files .htaccess>
order allow,deny
deny from all
</Files>

and to prevent directory listing try:

(Toggle Plain Text)

IndexIgnore .htaccess */.??* *~ *# */HEADER* */README* */_vti*

Trey B.
Web Hosting Support

treydawg

Reputation Points: 10

Solved Threads: 0

Newbie Poster

Offline

2 posts
since Dec 2002

Permalink

Jul 12th, 2003

Re: Disable access to .htaccess

Hey there! Thanks! Helpful as always.

cscgal

Administrator

Staff Writer

Reputation Points: 1422

Solved Threads: 162

The Queen of DaniWeb

Offline

13,645 posts
since Feb 2002

Permalink

Jul 12th, 2003

Re: Disable access to .htaccess

I came across a cleaner way.

(Toggle Plain Text)

RewriteRule ^\.htaccess$ - [F]

The [F] means to make the file forbidden.

cscgal

Administrator

Staff Writer

Reputation Points: 1422

Solved Threads: 162

The Queen of DaniWeb

Offline

13,645 posts
since Feb 2002

Permalink

Jul 12th, 2003

Re: Disable access to .htaccess

Oops! Just remembered the rewrite rule (using mod_rewrite) won't work unless the rewrite engine is turned on. So the code in .htaccess has to look something like this

(Toggle Plain Text)

RewriteEngine on
RewriteRule ^\.htaccess$ - [F]

cscgal

Administrator

Staff Writer

Reputation Points: 1422

Solved Threads: 162

The Queen of DaniWeb

Offline

13,645 posts
since Feb 2002

Permalink

Jul 13th, 2003

Re: Disable access to .htaccess

Unfortunately, all rewrite directives can be in the .htaccess except one.

RewriteEngine On must be in the httpd.conf of the server and not in the htaccess. Plus if you use rewrite there will be a performance penalty compared to just denying the file.

Just FYI, hope that helps.

Trey

treydawg

Reputation Points: 10

Solved Threads: 0

Newbie Poster

Offline

2 posts
since Dec 2002

Permalink

Jul 13th, 2003

Re: Disable access to .htaccess

Hey, thanks. I thought of that one because I've been dealing with .htaccess and mod_rewrite, where it is required to put RewriteEngine on into .htaccess. Check out my post about mod_rewrite and google located here: http://www.daniweb.com/forums/showthread.php?t=653

Dani

cscgal

Administrator

Staff Writer

Reputation Points: 1422

Solved Threads: 162

The Queen of DaniWeb

Offline

13,645 posts
since Feb 2002

Permalink

Jul 13th, 2003

Re: Disable access to .htaccess

BTW Yes, I've heard that mod_rewrite has a big performance hit to the cpu

cscgal

Administrator

Staff Writer

Reputation Points: 1422

Solved Threads: 162

The Queen of DaniWeb

Offline

13,645 posts
since Feb 2002

Permalink

Jan 4th, 2005

Re: Disable access to .htaccess

Can you not chmod the file to 700? i think that still allows the file to be read

wfwh

Reputation Points: 10

Solved Threads: 0

Newbie Poster

Offline

14 posts
since Jan 2005

Permalink

Jan 9th, 2005

Re: Disable access to .htaccess

Quote originally posted by wfwh ...

Can you not chmod the file to 700? i think that still allows the file to be read

Depending on the ownership of the .htaccess file, if you change permission to 0700 when the ownership of the file is owned by apache (or http, nobody, depending the user running apache), it may work ~

Otherwise, it gives you a forbidden error.

YUPAPA

Reputation Points: 10

Solved Threads: 0

Light Poster

Offline

42 posts
since Dec 2004

Page 1
2
Next

This thread is more than three months old

No one has posted to this discussion for at least three months. Please let old threads die and do not reply to them unless you feel you have something new and valuable to contribute that absolutely must be added to make the discussion complete. Otherwise, please start a new thread in this forum instead.

Previous Thread in Linux Servers and Apache Forum Timeline: Does Linus Torvalds Hate Freedom?

Next Thread in Linux Servers and Apache Forum Timeline: Having Access Problems

DaniWeb Message

Cancel Changes

User Name
Password