Disable access to .htaccess

What can I do to disable public downloading of my .htaccess file? I am on a Linux box. I can't chmod the file because the web browser still needs access to it, obviously. I know that there is a line I can add to it so that it gives the user a 403 Permission Denied error upon directly accessing it, but I don't remember what it is. Anyone know?

cscgal

The Queen of DaniWeb

Administrator

19,421 posts since Feb 2002

Reputation Points: 1,474

Solved Threads: 229

8 Years Ago

0

To prevent viewing of htaccess files use:

<Files .htaccess>
order allow,deny
deny from all
</Files>

and to prevent directory listing try:

IndexIgnore .htaccess */.??* *~ *# */HEADER* */README* */_vti*

Trey B.
Web Hosting Support :D

treydawg

Newbie Poster

2 posts since Dec 2002

Reputation Points: 10

Solved Threads: 0

8 Years Ago

0

Hey there! Thanks! Helpful as always. :D

cscgal

The Queen of DaniWeb

Administrator

19,421 posts since Feb 2002

Reputation Points: 1,474

Solved Threads: 229

8 Years Ago

0

I came across a cleaner way.

RewriteRule ^\.htaccess$ - &#91;F&#93;

The [F] means to make the file forbidden.

cscgal

The Queen of DaniWeb

Administrator

19,421 posts since Feb 2002

Reputation Points: 1,474

Solved Threads: 229

8 Years Ago

0

Oops! Just remembered the rewrite rule (using mod_rewrite) won't work unless the rewrite engine is turned on. So the code in .htaccess has to look something like this

RewriteEngine on
RewriteRule ^\.htaccess$ - &#91;F&#93;

cscgal

The Queen of DaniWeb

Administrator

19,421 posts since Feb 2002

Reputation Points: 1,474

Solved Threads: 229

8 Years Ago

0

Unfortunately, all rewrite directives can be in the .htaccess except one.

RewriteEngine On must be in the httpd.conf of the server and not in the htaccess. Plus if you use rewrite there will be a performance penalty compared to just denying the file.

Just FYI, hope that helps.

Trey

treydawg

Newbie Poster

2 posts since Dec 2002

Reputation Points: 10

Solved Threads: 0

8 Years Ago

0

Hey, thanks. I thought of that one because I've been dealing with .htaccess and mod_rewrite, where it is required to put RewriteEngine on into .htaccess. Check out my post about mod_rewrite and google located here: [thread]653[/thread]
:) Dani

cscgal

The Queen of DaniWeb

Administrator

19,421 posts since Feb 2002

Reputation Points: 1,474

Solved Threads: 229

8 Years Ago

0

BTW Yes, I've heard that mod_rewrite has a big performance hit to the cpu :(

cscgal

The Queen of DaniWeb

Administrator

19,421 posts since Feb 2002

Reputation Points: 1,474

Solved Threads: 229

7 Years Ago

0

Can you not chmod the file to 700? i think that still allows the file to be read :-/

wfwh

Newbie Poster

14 posts since Jan 2005

Reputation Points: 10

Solved Threads: 0

7 Years Ago

0

Can you not chmod the file to 700? i think that still allows the file to be read :-/

Depending on the ownership of the .htaccess file, if you change permission to 0700 when the ownership of the file is owned by apache (or http, nobody, depending the user running apache), it may work ~

Otherwise, it gives you a forbidden error. :sad:

YUPAPA

Light Poster

42 posts since Dec 2004

Reputation Points: 10

Solved Threads: 0

2 Years Ago

0

Will this work for a spider search engine, I have a plugin that spiders web sites, but I cant seem to spider my own web site server which sits next to me.

here's the error message I get ( Timed out (no reply from server )

So if I disable the .htaccess file for a tick then spider my site then turn .htaccess back on, will this work.

By the way how do you turn .htaccess back on

TT

tommytomato

Newbie Poster

1 post since Nov 2009

Reputation Points: 10

Solved Threads: 0

2 Years Ago

0

This is a better one I think. It prevents .ht* from public access-

<FilesMatch "^\.ht">
Order deny,allow
Deny from All
Satisfy All
</FilesMatch>

nileshgr

Junior Poster

166 posts since Aug 2009

Reputation Points: 17

Solved Threads: 23

Disable access to .htaccess

This article has been dead for over three months