Johnny

Reputation: 612

Can a .htaccess file be hacked?

On a subdomain I want to use only a .htaccess file for redirects. No PHP, no database or anything else will be used. Can a .htaccess file still be hacked? What should I do to protect it?

Upvotes: 2

Views: 4463

Answers (2)

Nadir Latif

Reputation: 3773

The apache2.conf file has the following lines by default, which prevent viewing of .htaccess files:

#
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
#
<FilesMatch "^\.ht">
        Require all denied
</FilesMatch>

Upvotes: 2

user2493235

Reputation:

It will not be visible under a standard Apache setup, which blocks all files starting with .ht from being served. So nobody will be able to view the contents or get at it through the Apache front-end. Take the usual precaution of having it be 644 permissions and not owned by the user that Apache runs as. No extra security needed outside of protecting your server generally.

Check that the standard protection is in place, so it can't be viewed. Easiest way is just to try visiting it in a web browser. You should get a 403 Forbidden.

If you're worried, you could put the rules in the main server config instead. I wouldn't worry as long as the above is in place.

Upvotes: 1
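The checks described in the answers above (mode 644, file not owned by the Apache user, 403 on a direct request) can be scripted. This is an added example, not code from either answer; it assumes GNU stat (Linux) and curl, and the function names, path, user name and URL are placeholders.

```shell
#!/bin/sh
# Added example: audits the .htaccess precautions discussed on this page.
# Assumes GNU stat (Linux) and curl; function names are hypothetical.

# check_htaccess_file FILE WEB_USER
# Returns 0 if FILE is not owned by WEB_USER and not writable by group/other.
# Returns 2 if FILE does not exist, 1 on any failed check.
check_htaccess_file() {
    file=$1
    web_user=$2
    [ -f "$file" ] || { echo "MISSING: $file"; return 2; }

    mode=$(stat -c '%a' "$file")    # octal mode, e.g. 644
    owner=$(stat -c '%U' "$file")   # owner name, e.g. root
    rc=0

    if [ "$owner" = "$web_user" ]; then
        echo "FAIL: $file is owned by the web server user ($web_user)"
        rc=1
    fi
    # 022 = write bits for group and other; 644 passes, 664 and 666 do not.
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "FAIL: $file mode $mode is writable by group or other"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $file mode $mode owner $owner"
    return "$rc"
}

# check_htaccess_http URL
# Returns 0 if the server refuses to serve the file (HTTP 403).
check_htaccess_http() {
    code=$(curl -s -o /dev/null -w '%{http_code}' "$1")
    if [ "$code" = "403" ]; then
        echo "OK: $1 returned 403"
        return 0
    fi
    echo "FAIL: $1 returned $code, expected 403"
    return 1
}

# Example usage (placeholder values):
#   check_htaccess_file /var/www/sub/.htaccess www-data
#   check_htaccess_http https://sub.example.com/.htaccess
```

The Apache user name varies by distribution (for example www-data or apache), so pass the one your server actually runs as.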
