leafleafDocy banner shape 01Docy banner shape 02Flower illustration

How to Deny Access to Hidden Files and Directories

Hidden files and directories (those whose names start with a dot .) should most, if not all, of the time be secured. For example: .htaccess, .htpasswd, .git, .hg

RewriteCond %{SCRIPT_FILENAME} -d [OR]

RewriteCond %{SCRIPT_FILENAME} -f

RewriteRule "(^|/)\." - [F]

Alternatively, you can just raise a ‘Not Found’ error, giving the attacker no clue:

RedirectMatch 404 /\..*$
Share this Doc

How to Deny Access to Hidden Files and Directories

Or copy link

Table Of Contents