For PHP websites htaccess files handles the most of the stuffs like, redirection, server side caching, server side compression.
We can also protect files and folder using this .htaccess file.
So it requires that you protect the .htaccess file as well. You can protect your .htaccess file with the use of .htaccess it self.
You just need to place the below code in your .htaccess file and your .htaccess file is protecte from any types of access.
Note : .htaccess file used to protect the .htaccess file!!!!
[cc lang=”apache”]
order allow,deny
deny from all
[/cc]
isn’t that easy?
[…] can access the .htaccess file if you have not protected it using the method described here. But what if, you can rename the .htaccess file to any other name say htacc.ess , So there can be […]
[…] Proteger el archivo .htaccess con el propio archivo .htaccess http://www.xpertdeveloper.com/2011/07/protect-htaccess-file/ por proclamo hace 4 segundos […]
I ask this purely out of interest and not criticism.
In what ways do you foresee an attacker accessing your .htaccess file?
I just did a couple experiments such as chmod’ing .htaccess to 777 and chown’ing it to the apache user, but it was still marked forbidden when I tried to access it via the url. (don’t worry I changed it back ;-)
Maybe the server OS I run (ubuntu) already prevents access to the .htaccess file?
Thank you
it can be protected from apache’s http.conf file also..
[…] Earlier I have explained the use of htaccess file to protect the .htaccess file. […]
What does it mean when the above code is added to the file but the file is still hacked?
alternative use this
# Protect .htaccess file
order allow,deny
deny from all
alternative method
# Protect .htaccess file
order allow,deny
deny from all