Protecting Files on your Apache Server with “.htaccess”
October 16, 2011. Posted by Tournas Dimitrios in Uncategorized.
So you have finished your website and uploaded all files to your hosting server’s public directory. By default Apache serves the “index.html” or “index.php” file if no file is specified in the URL. Pointing your browser to “http://yourdomain.com” will return the index file (usually the home page). If no index.[html | php] is available, the server will list all files and directories in the root directory. A hacker could map the directory structure of your website by simply viewing the source code (HTML) of a page and then try to display the content of plain text files (txt, js, ini, xml …).
Providing public access to the content of all plain text files on our server is a HUGE security risk, so we have to restrict access to these files. A developer could of course create empty index.[html | php] files in each directory to prevent directory listing, but a simpler method is to define a directive in the “.htaccess” file.
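Open .htaccess and paste the following directives:

    # Turn off automatic directory listings
    Options -Indexes
    # Deny access to files with these extensions
    # (Apache 2.2 syntax; on Apache 2.4 use "Require all denied")
    <FilesMatch "\.(sqlite|xml|ini|txt|csv|js)$">
        Deny from all
    </FilesMatch>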
The first directive (Options -Indexes) disables directory listing, while the second directive denies access to all files that have one of these specific extensions (sqlite, xml, ini, txt, csv, js). Be very careful what restrictions you define: for example, including “js” in the list may impact the functionality of some jQuery plugins, because the browser can no longer download those scripts. After each change to the .htaccess file, do an extensive test …
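
As a starting point for that test, the following added example (not code from the original post) reads the rules out of an .htaccess text and reports which file names they deny. It is an offline approximation: Python's `re` stands in for Apache's regex engine, matching is assumed to be case-sensitive as on a Linux host, and the sample paths are constructed.

```python
import re

# Constructed sample: the rules from this post, as they would sit in .htaccess.
HTACCESS = r'''
Options -Indexes
<FilesMatch "\.(sqlite|xml|ini|txt|csv|js)$">
    Deny from all
</FilesMatch>
'''

BLOCK = re.compile(r'<FilesMatch\s+"?(?P<pattern>[^">]+)"?\s*>(?P<body>.*?)</FilesMatch>',
                   re.IGNORECASE | re.DOTALL)
DENY = re.compile(r'^\s*(Deny\s+from\s+all|Require\s+all\s+denied)\s*$',
                  re.IGNORECASE | re.MULTILINE)

def deny_patterns(text):
    """Compile the regex of every FilesMatch block whose body denies all access."""
    return [re.compile(m.group("pattern")) for m in BLOCK.finditer(text)
            if DENY.search(m.group("body"))]

def listing_disabled(text):
    """True if some Options line carries -Indexes."""
    return any(w[0].lower() == "options" and "-indexes" in (x.lower() for x in w[1:])
               for w in (line.split() for line in text.splitlines()) if w)

def audit(text, url_paths):
    """Map each URL path to True (denied) or False (still served)."""
    patterns = deny_patterns(text)
    # FilesMatch is tested against the file name only, not the directory part.
    return {p: any(rx.search(p.rsplit("/", 1)[-1]) for rx in patterns)
            for p in url_paths}

if __name__ == "__main__":
    # Constructed file names, including two the rule does not cover.
    samples = ["/data/site.sqlite", "/js/jquery.min.js", "/index.php",
               "/config.ini.bak", "/NOTES.TXT"]
    print("directory listing disabled:", listing_disabled(HTACCESS))
    for path, denied in audit(HTACCESS, samples).items():
        print(f"{'DENIED' if denied else 'SERVED':7} {path}")
```

Backup copies such as config.ini.bak, and upper-case extensions under the case-sensitive matching assumed here, fall outside the pattern and are still served, so add them to the list or keep such files out of the public directory.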