: Apache 2.4.2 on Windows reveals hidden files in web browser Even though I have code to block access to hidden files in httpd.conf, the contents of a file such as .htaccess is visible in web
Even though I have code to block access to hidden files in httpd.conf, the contents of a file such as .htaccess is visible in web browsers.
The same effect is present when running the server on Windows 7 and Windows XP SP3.
The following httpd.conf code does not seem to be effective:
#
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
#
<Files "^.ht*">
Order allow,deny
Deny from all
Satisfy All
</Files>
Please tell me how to make files invisble to web browsers on a Windows machine that is running the Apache 2 web server.
More posts by @Megan663
1 Comments
Sorted by latest first Latest Oldest Best
Use files ~ "^.ht"
I'm sure why your configuration contains an asterisk and it may not be related but this is the common config I use for protecting the htaccess file and includes htpassword and anything else named .htEXAMPLE
Try changing your current config to make use of my code:
AccessFileName .htaccess
#
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
#
<Files ~ "^.ht">
Order allow,deny
Deny from all
Satisfy all
</Files>
AllowOverride
Also ensure that you actually have AllowOverride enabled since they may be interlinked with one another, you can set this within the configuration of your sites normally found in enabled-sites.
Syntax Errors
Another Possibility is that your config contains syntax errors simply do a apachectl configtest to see if any errors are reported in your configuration - unlikely but it can happen.
Configuration File
Another cause could be that your setup is not actually using the httpd.conf and using another config file, several different Linux distros use different configuration files, for example Ubuntu does not use httpd.conf but actually uses apache2.conf. Do a apache2 -V and it should report what conf it uses, if apache2 -V reports nothing try a httpd -V for example:
root@RAX-test-update:~# apache2 -V
Server version: Apache/2.2.22 (Ubuntu)
Server built: Feb 13 2012 01:51:50
Server's Module Magic Number: 21051146:30
Server loaded: APR 1.4.6, APR-Util 1.3.12
Compiled using: APR 1.4.5, APR-Util 1.3.12
Architecture: 64-bit
Server MPM: Prefork
threaded: no
forked: yes (variable process count)
Server compiled with....
-D APACHE_MPM_DIR="server/mpm/prefork"
-D APR_HAS_SENDFILE
-D APR_HAS_MMAP
-D APR_HAVE_IPV6 (IPv4-mapped addresses enabled)
-D APR_USE_SYSVSEM_SERIALIZE
-D APR_USE_PTHREAD_SERIALIZE
-D SINGLE_LISTEN_UNSERIALIZED_ACCEPT
-D APR_HAS_OTHER_CHILD
-D AP_HAVE_RELIABLE_PIPED_LOGS
-D DYNAMIC_MODULE_LIMIT=128
-D HTTPD_ROOT="/etc/apache2"
-D SUEXEC_BIN="/usr/lib/apache2/suexec"
-D DEFAULT_PIDLOG="/var/run/apache2.pid"
-D DEFAULT_SCOREBOARD="logs/apache_runtime_status"
-D DEFAULT_LOCKFILE="/var/run/apache2/accept.lock"
-D DEFAULT_ERRORLOG="logs/error_log"
-D AP_TYPES_CONFIG_FILE="mime.types"
-D SERVER_CONFIG_FILE="apache2.conf"
Terms of Use Create Support ticket Your support tickets Stock Market News! © vmapp.org2024 All Rights reserved.