What can I do to disable public downloading of my .htaccess file? I am on a Linux box. I can't chmod the file because the web browser still needs access to it, obviously. I know that there is a line I can add to it so that it gives the user a 403 Permission Denied error upon directly accessing it, but I don't remember what it is. Anyone know?
Recommended Answers
Jump to PostThis is a better one I think. It prevents .ht* from public access-
<FilesMatch "^\.ht"> Order deny,allow Deny from All Satisfy All </FilesMatch>
All 11 Replies
treydawg
0
Newbie Poster
To prevent viewing of htaccess files use:
<Files .htaccess>
order allow,deny
deny from all
</Files>and to prevent directory listing try:
IndexIgnore .htaccess */.??* *~ *# */HEADER* */README* */_vti*Trey B.
Web Hosting Support :D
Dani
3,089
The Queen of DaniWeb
Administrator
Featured Poster
Premium Member
Hey there! Thanks! Helpful as always. :D
Dani
3,089
The Queen of DaniWeb
Administrator
Featured Poster
Premium Member
I came across a cleaner way.
RewriteRule ^\.htaccess$ - [F]The [F] means to make the file forbidden.
Dani
3,089
The Queen of DaniWeb
Administrator
Featured Poster
Premium Member
Oops! Just remembered the rewrite rule (using mod_rewrite) won't work unless the rewrite engine is turned on. So the code in .htaccess has to look something like this
RewriteEngine on
RewriteRule ^\.htaccess$ - [F]
treydawg
0
Newbie Poster
Unfortunately, all rewrite directives can be in the .htaccess except one.
RewriteEngine On must be in the httpd.conf of the server and not in the htaccess. Plus if you use rewrite there will be a performance penalty compared to just denying the file.
Just FYI, hope that helps.
Trey
Dani
3,089
The Queen of DaniWeb
Administrator
Featured Poster
Premium Member
Hey, thanks. I thought of that one because I've been dealing with .htaccess and mod_rewrite, where it is required to put RewriteEngine on into .htaccess. Check out my post about mod_rewrite and google located here: [thread]653[/thread]
:) Dani
Dani
3,089
The Queen of DaniWeb
Administrator
Featured Poster
Premium Member
BTW Yes, I've heard that mod_rewrite has a big performance hit to the cpu :(
wfwh
0
Newbie Poster
Can you not chmod the file to 700? i think that still allows the file to be read :-/
YUPAPA
0
Light Poster
Can you not chmod the file to 700? i think that still allows the file to be read :-/
Depending on the ownership of the .htaccess file, if you change permission to 0700 when the ownership of the file is owned by apache (or http, nobody, depending the user running apache), it may work ~
Otherwise, it gives you a forbidden error. :sad:
tommytomato
0
Newbie Poster
Will this work for a spider search engine, I have a plugin that spiders web sites, but I cant seem to spider my own web site server which sits next to me.
here's the error message I get ( Timed out (no reply from server )
So if I disable the .htaccess file for a tick then spider my site then turn .htaccess back on, will this work.
By the way how do you turn .htaccess back on
TT
nileshgr
This is a better one I think. It prevents .ht* from public access-
<FilesMatch "^\.ht">
Order deny,allow
Deny from All
Satisfy All
</FilesMatch>
Be a part of the DaniWeb community
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, learning, and sharing knowledge.