tiho

Reputation: 6935

How do I prevent someone from reading my .htaccess file?

I added a .htaccess file to a folder to make it password protected. I would like to prevent all users from being able to read that .htaccess file, because it reveals the location of my .htpasswd (I don't have permissions on this server to put this file outside of the html tree).

I tried the suggestions at http://www.javascriptkit.com/howto/htaccess8.shtml, but I can still read my .htaccess in a web browser. Here is my .htaccess:

AuthName "Restricted Area" 
AuthType Basic 
AuthUserFile /home/www/users/mylogin/HTML/some_hidden_dir/.htpasswd 
AuthGroupFile /dev/null 
require valid-user

<Files .htaccess>
order allow,deny
deny from all
</Files>

What am I missing?

Upvotes: 5

Views: 2289

Answers (1)

Andres I Perez

Reputation: 75399

I've always used this method in my main root HTACCESS file and it works like a charm:

<Files ~ "^.*\.([Hh][Tt][Aa])">
 order allow,deny
 deny from all
 satisfy all
</Files>

More info on this method from one of my bookmarks:

http://perishablepress.com/press/2008/05/20/improve-site-security-by-protecting-htaccess-files/

Upvotes: 8
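The question is really about keeping both .htaccess and the .htpasswd it points to from being served, so it is worth checking which basenames each `<Files>` pattern on this page actually covers. The following is an added example, not code from the question or the answer; the sample file list and the `^\.ht` comparison pattern are assumptions introduced here, and Python's `re.search` stands in for Apache's PCRE matching.

```python
import fnmatch
import re

# Constructed basenames; a <Files> section is matched against the last path
# component of the requested file, not the full path.
SAMPLES = [".htaccess", ".htpasswd", "index.html"]

# (kind, pattern): "glob" models <Files name>, "regex" models <Files ~ "re">.
RULES = {
    "question": ("glob", ".htaccess"),
    "answer": ("regex", r"^.*\.([Hh][Tt][Aa])"),
    "broader": ("regex", r"^\.ht"),  # assumption: pattern added for comparison
}

def matches(kind, pattern, name):
    """Return True if the section would apply to a file with this basename."""
    if kind == "glob":
        return fnmatch.fnmatchcase(name, pattern)
    # Apache regex sections are unanchored searches; re.search mirrors that
    # for these simple patterns (Apache itself uses PCRE).
    return re.search(pattern, name) is not None

def denied_by(rule):
    """Sample basenames that fall inside the rule's deny section."""
    kind, pattern = RULES[rule]
    return [n for n in SAMPLES if matches(kind, pattern, n)]

def unprotected(rule, sensitive=(".htaccess", ".htpasswd")):
    """Sensitive basenames the rule leaves outside its deny section."""
    covered = denied_by(rule)
    return [n for n in sensitive if n not in covered]

if __name__ == "__main__":
    for rule in RULES:
        print(f"{rule:9} denies {denied_by(rule)} leaves {unprotected(rule)}")
```

Pattern coverage is only half of the check: request both files through the web server afterwards and confirm that each returns 403.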
