[thelist] .htaccess

deke web at master.gen.in.us
Thu May 31 22:05:00 CDT 2001


On 31 May 2001, at 20:51, Warden, Matt posted a message which said:

> > What do I need to add to my .htaccess file to stop people being
> > able to read my .htpasswd file through the browser?
 
> Nothing really. Simply store your .htpasswd file below the site root.

That sorta defeats the purpose of an .htaccess file. If it's not in the
htdocs tree, it doesn't function as an .htaccess file.

The default httpd.conf file contains this:

#
# The following lines prevent .htaccess files from being viewed by
# Web clients.  Since .htaccess files often contain authorization
# information, access is disallowed for security reasons.  Comment
# these lines out if you want Web visitors to see the contents of
# .htaccess files.  If you change the AccessFileName directive above,
# be sure to make the corresponding changes here.
#
# Also, folks tend to use names such as .htpasswd for password
# files, so this will protect those as well.
#
<Files ~ "^\.ht">
    Order allow,deny
    Deny from all
</Files>


------------------------
 "The church is near but the road is icy; 
  the bar is far away but I will walk carefully." 
                            -- Russian Proverb
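
Added example, not part of the original post or of Apache itself: a small Python check that reads an httpd.conf-style text and reports which password/access file names are not covered by a deny-all <Files> or <FilesMatch> block, including the case the quoted comment warns about, where AccessFileName is changed but the block is not. The sample configs and the `.acl` name are constructed for illustration.

```python
import fnmatch
import re

# Constructed sample config modelled on the block quoted in the post.
DEFAULT = r'''
AccessFileName .htaccess
<Files ~ "^\.ht">
    Order allow,deny
    Deny from all
</Files>
'''
# Same config after an admin renames the per-directory file (hypothetical name).
RENAMED = DEFAULT.replace('AccessFileName .htaccess', 'AccessFileName .acl')

COMMENT = re.compile(r'^\s*#.*$', re.MULTILINE)
BLOCK = re.compile(r'<(Files|FilesMatch)\s+(~\s+)?"([^"]+)"\s*>(.*?)</\1>',
                   re.IGNORECASE | re.DOTALL)
# "Deny from all" is the 1.3/2.2 form, "Require all denied" the 2.4 form.
DENY = re.compile(r'^\s*(Deny\s+from\s+all|Require\s+all\s+denied)\s*$',
                  re.IGNORECASE | re.MULTILINE)
ACCESS_NAME = re.compile(r'^\s*AccessFileName\s+(.+)$',
                         re.IGNORECASE | re.MULTILINE)

def sensitive_names(conf):
    """Conventional .ht* names plus whatever AccessFileName declares."""
    names = {'.htaccess', '.htpasswd'}
    for m in ACCESS_NAME.finditer(COMMENT.sub('', conf)):
        names.update(m.group(1).split())
    return sorted(names)

def deny_matchers(conf):
    """One filename predicate per Files/FilesMatch block that denies everyone."""
    matchers = []
    for kind, tilde, pattern, body in BLOCK.findall(COMMENT.sub('', conf)):
        if not DENY.search(body):
            continue
        if tilde or kind.lower() == 'filesmatch':
            # Assumption: Python's re behaves like Apache's regex for ^\.ht
            rx = re.compile(pattern)
            matchers.append(lambda name, rx=rx: rx.search(name) is not None)
        else:
            matchers.append(lambda name, p=pattern: fnmatch.fnmatchcase(name, p))
    return matchers

def exposed(conf):
    """Sensitive names that no deny-all block covers. Does not model later
    sections or .htaccess overrides that could re-allow access."""
    matchers = deny_matchers(conf)
    return [n for n in sensitive_names(conf) if not any(m(n) for m in matchers)]
```

Calling exposed(DEFAULT) returns an empty list, while exposed(RENAMED) returns ['.acl'], the file the unchanged `^\.ht` pattern no longer protects.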



