The Web Design Group

... Making the Web accessible to all.

Welcome Guest ( Log In | Register )

 
Reply to this topicStart new topic
> how to use a .htaccess file?
allenph
post Mar 3 2012, 09:32 AM
Post #1


Novice
**

Group: Members
Posts: 21
Joined: 15-February 12
Member No.: 16,477



So i inserted a blank index file into my site to block out sensitive file names...but then I realized anyone could look at the source code and enter the path directly into the address bar. I'm attempting to use a .htaccess file but with no luck. seems no matter what script I put in there nothing happens. I made a .htaccess file on windows by making a file called htaccess.txt then renaming it with cmd to .htcaccess because windows yells that you have to have a file extension if you do it any other way. I put my script in the root directory of my site it was...
<Files ~ "\.(txt)$">
order allow,deny
deny from all
</Files>
if i'm correct that should make it so no one can see my .txt files. thing is it does absolutely nothing...help!
User is offlinePM
Go to the top of the page
Toggle Multi-post QuotingQuote Post
pandy
post Mar 3 2012, 10:01 AM
Post #2


🌟Computer says no🌟
********

Group: WDG Moderators
Posts: 20,716
Joined: 9-August 06
Member No.: 6



Do you want deny access to a specific directory or to all text files on your domain?

BTW have you considered to place the sensitive files above the document root?
User is offlinePM
Go to the top of the page
Toggle Multi-post QuotingQuote Post
allenph
post Mar 3 2012, 10:30 AM
Post #3


Novice
**

Group: Members
Posts: 21
Joined: 15-February 12
Member No.: 16,477



No i havnt really considered that tongue.gif it is too late now. but I want to block access to all .txt files. They contain passwords signatures avatar paths a goldmine of sensitives. but if I place the .htaccess on all the .txt documents will i still be able to read and write them from my script?
User is offlinePM
Go to the top of the page
Toggle Multi-post QuotingQuote Post
Brian Chandler
post Mar 3 2012, 12:26 PM
Post #4


Jocular coder
********

Group: Members
Posts: 2,460
Joined: 31-August 06
Member No.: 43



QUOTE
if I place the .htaccess on all the .txt documents will i still be able to read and write them from my script?


Yes, but what Pandy said. This is the wrong approach: take sensitive files somewhere else -- really outside the document tree is best. Your scripts are just programs running on the server, and can access anything (depending on user etc of course).
User is offlinePM
Go to the top of the page
Toggle Multi-post QuotingQuote Post
Ephraim F. Moya
post Mar 3 2012, 06:48 PM
Post #5


Advanced Member
****

Group: Members
Posts: 167
Joined: 2-September 07
From: New Mexico
Member No.: 3,702



QUOTE(allenph @ Mar 3 2012, 07:32 AM) *

So i inserted a blank index file into my site to block out sensitive file names...but then I realized anyone could look at the source code and enter the path directly into the address bar. I'm attempting to use a .htaccess file but with no luck. seems no matter what script I put in there nothing happens. I made a .htaccess file on windows by making a file called htaccess.txt then renaming it with cmd to .htcaccess because windows yells that you have to have a file extension if you do it any other way. I put my script in the root directory of my site it was...
<Files ~ "\.(txt)$">
order allow,deny
deny from all
</Files>
if i'm correct that should make it so no one can see my .txt files. thing is it does absolutely nothing...help!


Does your host allow .htaccess files?

Is AllowOverride === none?

This post has been edited by Ephraim F. Moya: Mar 3 2012, 06:58 PM
User is offlinePM
Go to the top of the page
Toggle Multi-post QuotingQuote Post
allenph
post Mar 4 2012, 12:08 AM
Post #6


Novice
**

Group: Members
Posts: 21
Joined: 15-February 12
Member No.: 16,477



QUOTE(Ephraim F. Moya @ Mar 3 2012, 06:48 PM) *

QUOTE(allenph @ Mar 3 2012, 07:32 AM) *

So i inserted a blank index file into my site to block out sensitive file names...but then I realized anyone could look at the source code and enter the path directly into the address bar. I'm attempting to use a .htaccess file but with no luck. seems no matter what script I put in there nothing happens. I made a .htaccess file on windows by making a file called htaccess.txt then renaming it with cmd to .htcaccess because windows yells that you have to have a file extension if you do it any other way. I put my script in the root directory of my site it was...
<Files ~ "\.(txt)$">
order allow,deny
deny from all
</Files>
if i'm correct that should make it so no one can see my .txt files. thing is it does absolutely nothing...help!


Does your host allow .htaccess files?

Is AllowOverride === none?


It is just a apache webserver running on local host at the moment. I'm getting good at the actual programming but the server stuff is new and I suck at it. I really don't know what you mean.
User is offlinePM
Go to the top of the page
Toggle Multi-post QuotingQuote Post
pandy
post Mar 4 2012, 01:21 AM
Post #7


🌟Computer says no🌟
********

Group: WDG Moderators
Posts: 20,716
Joined: 9-August 06
Member No.: 6



OK, do you allow .htaccess then? That is specified in the httpd.conf file. It's been a while, I think there are a couple of directives to look at, but the most important of them is AllowOverride. If that's set to 'none' .htaccess directives won't have any effect.

Have you tried other stuff in your .htaccess and do they work? I don't remember the <Files> syntax, but what you have looks right to me - which doesn't mean it is, my memory is a sieve. blush.gif
User is offlinePM
Go to the top of the page
Toggle Multi-post QuotingQuote Post

Reply to this topicStart new topic
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:

 



- Lo-Fi Version Time is now: 19th March 2024 - 03:18 AM