The Web Design Group

... Making the Web accessible to all.

Welcome Guest ( Log In | Register )

 
Reply to this topicStart new topic
> how to use a .htaccess file?
allenph
post Mar 3 2012, 09:32 AM
Post #1


Novice
**

Group: Members
Posts: 21
Joined: 15-February 12
Member No.: 16,477



So i inserted a blank index file into my site to block out sensitive file names...but then I realized anyone could look at the source code and enter the path directly into the address bar. I'm attempting to use a .htaccess file but with no luck. seems no matter what script I put in there nothing happens. I made a .htaccess file on windows by making a file called htaccess.txt then renaming it with cmd to .htcaccess because windows yells that you have to have a file extension if you do it any other way. I put my script in the root directory of my site it was...
<Files ~ "\.(txt)$">
order allow,deny
deny from all
</Files>
if i'm correct that should make it so no one can see my .txt files. thing is it does absolutely nothing...help!
User is offlinePM
Go to the top of the page
Toggle Multi-post QuotingQuote Post
pandy
post Mar 3 2012, 10:01 AM
Post #2


Don't like donuts. Don't do MySpace.
********

Group: WDG Moderators
Posts: 15,230
Joined: 9-August 06
Member No.: 6



Do you want deny access to a specific directory or to all text files on your domain?

BTW have you considered to place the sensitive files above the document root?


--------------------
"Never go to excess, but let moderation be your guide."
- Cicero

IPB Image
User is offlinePM
Go to the top of the page
Toggle Multi-post QuotingQuote Post
allenph
post Mar 3 2012, 10:30 AM
Post #3


Novice
**

Group: Members
Posts: 21
Joined: 15-February 12
Member No.: 16,477



No i havnt really considered that tongue.gif it is too late now. but I want to block access to all .txt files. They contain passwords signatures avatar paths a goldmine of sensitives. but if I place the .htaccess on all the .txt documents will i still be able to read and write them from my script?
User is offlinePM
Go to the top of the page
Toggle Multi-post QuotingQuote Post
Brian Chandler
post Mar 3 2012, 12:26 PM
Post #4


Jocular coder
********

Group: Members
Posts: 2,212
Joined: 31-August 06
Member No.: 43



QUOTE
if I place the .htaccess on all the .txt documents will i still be able to read and write them from my script?


Yes, but what Pandy said. This is the wrong approach: take sensitive files somewhere else -- really outside the document tree is best. Your scripts are just programs running on the server, and can access anything (depending on user etc of course).


--------------------
Brian Chandler
Nothing in this post constitutes "commercial solicitation". PayPal does not solicit residents of Japan. Contents may settle in transit. "Legal mind" may or may not be brain-damaged.
User is offlinePM
Go to the top of the page
Toggle Multi-post QuotingQuote Post
Ephraim F. Moya
post Mar 3 2012, 06:48 PM
Post #5


Advanced Member
****

Group: Members
Posts: 167
Joined: 2-September 07
From: New Mexico
Member No.: 3,702



QUOTE(allenph @ Mar 3 2012, 07:32 AM) *

So i inserted a blank index file into my site to block out sensitive file names...but then I realized anyone could look at the source code and enter the path directly into the address bar. I'm attempting to use a .htaccess file but with no luck. seems no matter what script I put in there nothing happens. I made a .htaccess file on windows by making a file called htaccess.txt then renaming it with cmd to .htcaccess because windows yells that you have to have a file extension if you do it any other way. I put my script in the root directory of my site it was...
<Files ~ "\.(txt)$">
order allow,deny
deny from all
</Files>
if i'm correct that should make it so no one can see my .txt files. thing is it does absolutely nothing...help!


Does your host allow .htaccess files?

Is AllowOverride === none?

This post has been edited by Ephraim F. Moya: Mar 3 2012, 06:58 PM


--------------------
Ephraim F. Moya
"Los pintos y los pendejos
Se conocen desde lejos."
User is offlinePM
Go to the top of the page
Toggle Multi-post QuotingQuote Post
allenph
post Mar 4 2012, 12:08 AM
Post #6


Novice
**

Group: Members
Posts: 21
Joined: 15-February 12
Member No.: 16,477



QUOTE(Ephraim F. Moya @ Mar 3 2012, 06:48 PM) *

QUOTE(allenph @ Mar 3 2012, 07:32 AM) *

So i inserted a blank index file into my site to block out sensitive file names...but then I realized anyone could look at the source code and enter the path directly into the address bar. I'm attempting to use a .htaccess file but with no luck. seems no matter what script I put in there nothing happens. I made a .htaccess file on windows by making a file called htaccess.txt then renaming it with cmd to .htcaccess because windows yells that you have to have a file extension if you do it any other way. I put my script in the root directory of my site it was...
<Files ~ "\.(txt)$">
order allow,deny
deny from all
</Files>
if i'm correct that should make it so no one can see my .txt files. thing is it does absolutely nothing...help!


Does your host allow .htaccess files?

Is AllowOverride === none?


It is just a apache webserver running on local host at the moment. I'm getting good at the actual programming but the server stuff is new and I suck at it. I really don't know what you mean.
User is offlinePM
Go to the top of the page
Toggle Multi-post QuotingQuote Post
pandy
post Mar 4 2012, 01:21 AM
Post #7


Don't like donuts. Don't do MySpace.
********

Group: WDG Moderators
Posts: 15,230
Joined: 9-August 06
Member No.: 6



OK, do you allow .htaccess then? That is specified in the httpd.conf file. It's been a while, I think there are a couple of directives to look at, but the most important of them is AllowOverride. If that's set to 'none' .htaccess directives won't have any effect.

Have you tried other stuff in your .htaccess and do they work? I don't remember the <Files> syntax, but what you have looks right to me - which doesn't mean it is, my memory is a sieve. blush.gif


--------------------
"Never go to excess, but let moderation be your guide."
- Cicero

IPB Image
User is offlinePM
Go to the top of the page
Toggle Multi-post QuotingQuote Post

Reply to this topicStart new topic
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:

 



- Lo-Fi Version Time is now: 1st August 2014 - 06:50 AM