All
ActionScript

Ajax

AngularJS

Apache

AppleScript

ASP.NET

Bash

C

C#

C++

Coffee

CoffeeScript

ColdFusion

Command

CSS

Delphi

Django

ES6

GLSL

Grunt

Gulp

HAML

Haskell

HTML

iOS

Jade

Java

JavaScript

jQuery

JSX

Less

LUA

MDX

MySQL

Objective

Other

Pascal

Perl

PHP

Plain text

PowerShell

Processing

Progress

Prolog

Pseudocode

Python

Rails

RegExr

Ruby

SASS

Scala

Scheme

SCSS

SmallBASIC

Smarty

SQL

Stylus

SVG

Swift

TypeScript

VHDL

X++

XHTML

XML

Xojo

XSLT
New snippet New playground
Sign up
Login

Deny Access to Hidden Files and Directories - .htaccess

Apache
by Hardik Shah
16th February 2015

RewriteCond %{SCRIPT_FILENAME} -d [OR] RewriteCond %{SCRIPT_FILENAME} -f RewriteRule "(^|/)\." - [F]

2 Responses

Hidden files and directories (those whose names start with a dot .) should most, if not all, of the time be secured. For example: .htaccess, .htpasswd, .git, .hg...

0
Reply?
Hardik Shah 9 years ago

Alternatively, you can just raise a Not Found error, giving the attacker dude no clue: RedirectMatch 404 /\..*$

0
Reply?
Hardik Shah 9 years ago

Deny Access to Hidden Files and Directories - .htaccess

2 Responses

Write a comment