how to use a .htaccess file? Options

[allenph]

So i inserted a blank index file into my site to block out sensitive file names...but then I realized anyone could look at the source code and enter the path directly into the address bar. I'm attempting to use a .htaccess file but with no luck. seems no matter what script I put in there nothing happens. I made a .htaccess file on windows by making a file called htaccess.txt then renaming it with cmd to .htcaccess because windows yells that you have to have a file extension if you do it any other way. I put my script in the root directory of my site it was...
<Files ~ "\.(txt)$">
order allow,deny
deny from all
</Files>
if i'm correct that should make it so no one can see my .txt files. thing is it does absolutely nothing...help!

[pandy]

Do you want deny access to a specific directory or to all text files on your domain?

BTW have you considered to place the sensitive files above the document root?

[allenph]

No i havnt really considered that it is too late now. but I want to block access to all .txt files. They contain passwords signatures avatar paths a goldmine of sensitives. but if I place the .htaccess on all the .txt documents will i still be able to read and write them from my script?

[Brian Chandler]

if I place the .htaccess on all the .txt documents will i still be able to read and write them from my script?

Yes, but what Pandy said. This is the wrong approach: take sensitive files somewhere else -- really outside the document tree is best. Your scripts are just programs running on the server, and can access anything (depending on user etc of course).

[Ephraim F. Moya]

So i inserted a blank index file into my site to block out sensitive file names...but then I realized anyone could look at the source code and enter the path directly into the address bar. I'm attempting to use a .htaccess file but with no luck. seems no matter what script I put in there nothing happens. I made a .htaccess file on windows by making a file called htaccess.txt then renaming it with cmd to .htcaccess because windows yells that you have to have a file extension if you do it any other way. I put my script in the root directory of my site it was...
<Files ~ "\.(txt)$">
order allow,deny
deny from all
</Files>
if i'm correct that should make it so no one can see my .txt files. thing is it does absolutely nothing...help!

Does your host allow .htaccess files?

Is AllowOverride === none?

This post has been edited by Ephraim F. Moya: Mar 3 2012, 06:58 PM

[allenph]

So i inserted a blank index file into my site to block out sensitive file names...but then I realized anyone could look at the source code and enter the path directly into the address bar. I'm attempting to use a .htaccess file but with no luck. seems no matter what script I put in there nothing happens. I made a .htaccess file on windows by making a file called htaccess.txt then renaming it with cmd to .htcaccess because windows yells that you have to have a file extension if you do it any other way. I put my script in the root directory of my site it was...
<Files ~ "\.(txt)$">
order allow,deny
deny from all
</Files>
if i'm correct that should make it so no one can see my .txt files. thing is it does absolutely nothing...help!

Does your host allow .htaccess files?

Is AllowOverride === none?

It is just a apache webserver running on local host at the moment. I'm getting good at the actual programming but the server stuff is new and I suck at it. I really don't know what you mean.

[pandy]

OK, do you allow .htaccess then? That is specified in the httpd.conf file. It's been a while, I think there are a couple of directives to look at, but the most important of them is AllowOverride. If that's set to 'none' .htaccess directives won't have any effect.

Have you tried other stuff in your .htaccess and do they work? I don't remember the <Files> syntax, but what you have looks right to me - which doesn't mean it is, my memory is a sieve.