How to prevent someone from reading my .htaccess file?

Question

How to prevent someone from reading my .htaccess file?

I added the .htaccess file to the folder to make it password protected. I would like to prevent all users from reading this .htaccess file, since it shows the location of my .htpasswd (I do not have permissions on this server to put this file outside the html tree).

I tried the suggestions http://www.javascriptkit.com/howto/htaccess8.shtml , but I can still read my .htaccess in a web browser. Here is my .htaccess:

AuthName "Restricted Area" 
AuthType Basic 
AuthUserFile /home/www/users/mylogin/HTML/some_hidden_dir/.htpasswd 
AuthGroupFile /dev/null 
require valid-user

<Files .htaccess>
order allow,deny
deny from all
</Files>

What am I missing?

+5

html .htaccess

tiho Sep 29 '11 at 1:57

source share

1 answer

Andres Ilich · Answer 1 · 2011-09-29T02:00:33+0000

I always used this method in my main HTACCESS root file and it works like a charm:

<Files ~ "^.*\.([Hh][Tt][Aa])">
 order allow,deny
 deny from all
 satisfy all
</Files>

:

http://perishablepress.com/press/2008/05/20/improve-site-security-by-protecting-htaccess-files/

How to prevent someone from reading my .htaccess file?

More articles: