how to use a .htaccess file? |
how to use a .htaccess file? |
allenph |
Mar 3 2012, 09:32 AM
Post
#1
|
Novice Group: Members Posts: 21 Joined: 15-February 12 Member No.: 16,477 |
So i inserted a blank index file into my site to block out sensitive file names...but then I realized anyone could look at the source code and enter the path directly into the address bar. I'm attempting to use a .htaccess file but with no luck. seems no matter what script I put in there nothing happens. I made a .htaccess file on windows by making a file called htaccess.txt then renaming it with cmd to .htcaccess because windows yells that you have to have a file extension if you do it any other way. I put my script in the root directory of my site it was...
<Files ~ "\.(txt)$"> order allow,deny deny from all </Files> if i'm correct that should make it so no one can see my .txt files. thing is it does absolutely nothing...help! |
pandy |
Mar 3 2012, 10:01 AM
Post
#2
|
🌟Computer says no🌟 Group: WDG Moderators Posts: 20,730 Joined: 9-August 06 Member No.: 6 |
Do you want deny access to a specific directory or to all text files on your domain?
BTW have you considered to place the sensitive files above the document root? |
allenph |
Mar 3 2012, 10:30 AM
Post
#3
|
Novice Group: Members Posts: 21 Joined: 15-February 12 Member No.: 16,477 |
No i havnt really considered that it is too late now. but I want to block access to all .txt files. They contain passwords signatures avatar paths a goldmine of sensitives. but if I place the .htaccess on all the .txt documents will i still be able to read and write them from my script?
|
Brian Chandler |
Mar 3 2012, 12:26 PM
Post
#4
|
Jocular coder Group: Members Posts: 2,460 Joined: 31-August 06 Member No.: 43 |
QUOTE if I place the .htaccess on all the .txt documents will i still be able to read and write them from my script? Yes, but what Pandy said. This is the wrong approach: take sensitive files somewhere else -- really outside the document tree is best. Your scripts are just programs running on the server, and can access anything (depending on user etc of course). |
Ephraim F. Moya |
Mar 3 2012, 06:48 PM
Post
#5
|
Advanced Member Group: Members Posts: 167 Joined: 2-September 07 From: New Mexico Member No.: 3,702 |
So i inserted a blank index file into my site to block out sensitive file names...but then I realized anyone could look at the source code and enter the path directly into the address bar. I'm attempting to use a .htaccess file but with no luck. seems no matter what script I put in there nothing happens. I made a .htaccess file on windows by making a file called htaccess.txt then renaming it with cmd to .htcaccess because windows yells that you have to have a file extension if you do it any other way. I put my script in the root directory of my site it was... <Files ~ "\.(txt)$"> order allow,deny deny from all </Files> if i'm correct that should make it so no one can see my .txt files. thing is it does absolutely nothing...help! Does your host allow .htaccess files? Is AllowOverride === none? This post has been edited by Ephraim F. Moya: Mar 3 2012, 06:58 PM |
allenph |
Mar 4 2012, 12:08 AM
Post
#6
|
Novice Group: Members Posts: 21 Joined: 15-February 12 Member No.: 16,477 |
So i inserted a blank index file into my site to block out sensitive file names...but then I realized anyone could look at the source code and enter the path directly into the address bar. I'm attempting to use a .htaccess file but with no luck. seems no matter what script I put in there nothing happens. I made a .htaccess file on windows by making a file called htaccess.txt then renaming it with cmd to .htcaccess because windows yells that you have to have a file extension if you do it any other way. I put my script in the root directory of my site it was... <Files ~ "\.(txt)$"> order allow,deny deny from all </Files> if i'm correct that should make it so no one can see my .txt files. thing is it does absolutely nothing...help! Does your host allow .htaccess files? Is AllowOverride === none? It is just a apache webserver running on local host at the moment. I'm getting good at the actual programming but the server stuff is new and I suck at it. I really don't know what you mean. |
pandy |
Mar 4 2012, 01:21 AM
Post
#7
|
🌟Computer says no🌟 Group: WDG Moderators Posts: 20,730 Joined: 9-August 06 Member No.: 6 |
OK, do you allow .htaccess then? That is specified in the httpd.conf file. It's been a while, I think there are a couple of directives to look at, but the most important of them is AllowOverride. If that's set to 'none' .htaccess directives won't have any effect.
Have you tried other stuff in your .htaccess and do they work? I don't remember the <Files> syntax, but what you have looks right to me - which doesn't mean it is, my memory is a sieve. |
Lo-Fi Version | Time is now: 18th April 2024 - 09:58 PM |