noobilityat19
Reputation: 19
Breaking .htaccess rule
is there anyway to defy .htaccess? I mean to break what the rule written in the .htaccess file.
I have a directory, and I don't want others to browse it. So I created .htaccess file and wrote this
Deny from all
Is there anyway people can break it?
Upvotes: 0
Views: 92
Answers (2)
SirDarius
Reputation: 42899
.htaccess files are as secure as Apache allows you to.
See for example, assuming your .htaccess file is located in /var/www/foo:
<Directory />
Allow From All
AllowOverride All # allow .htaccess files globally
</Directory>
<VirtualHost *:80>
ServerName www.foo.com
DocumentRoot /var/www/foo # impossible to access, thanks to .htaccess
</VirtualHost>
<VirtualHost *:80>
ServerName www.bar.com
DocumentRoot /var/www/foo # same directory as above
<Directory /var/www/foo>
AllowOverride None # woops .htaccess will not be read, files can be accessed from this vhost
</Directory>
</VirtualHost>
Therefore there is no guarantee ever that your files are securely protected, as long as you don't know (and don't understand) how your apache installation is configured.
Upvotes: 1
Valentin Mercier
Reputation: 5326
Nope this is radical. Nobody can access it. It is safe and commonly used. The deny is made server side, so nobody can try to bypass it.
Upvotes: 1
Related Questions
- HTACCESS Rules ISSUE
- mod_rewrite and .htaccess exception to the rule
- .htaccess - Clashing rules causing internal server error
- .htaccess rule conflict with previous defined rules
- htaccess rule conflict with another rule
- Apache .htaccess Rules Conflicts
- How do I bypass an htaccess rule?
- .htaccess, conflict in rules
- .htaccess rule conflicts help
- .htaccess - Rule being ignored