How to Deny Access to Hidden Files and Directories

Hidden files and directories (those whose names start with a dot, ".") should be secured in most, if not all, cases. Examples: .htaccess, .htpasswd, .git, .hg…

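RewriteEngine On
# 403 Forbidden for any existing directory or file with a dot-prefixed path segment
RewriteCond %{SCRIPT_FILENAME} -d [OR]
RewriteCond %{SCRIPT_FILENAME} -f
RewriteRule "(^|/)\." - [F]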

Alternatively, you can just raise a “Not Found” error, giving the attacker no clue:

RedirectMatch 404 /\..*$
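
The difference between the two rules, as an added example that is not part of the original article: a simplified Python model of how each rule answers requests against a constructed document root. The file tree, the function names, and the assumption that the rewrite rules sit in the document root's .htaccess are hypothetical.

```python
import re

# Patterns copied from the two rules above.
REWRITE_RULE = re.compile(r"(^|/)\.")    # RewriteRule "(^|/)\." - [F]
REDIRECT_MATCH = re.compile(r"/\..*$")   # RedirectMatch 404 /\..*$

# Constructed sample document root: files assumed to exist on disk.
EXISTING = {"/index.html", "/.htpasswd", "/.git/config", "/css/site.min.css",
            "/.well-known/security.txt"}


def exists(url_path, tree=EXISTING):
    """True if url_path is a file in the tree or a directory above one (-f / -d)."""
    p = url_path.rstrip("/")
    return p in tree or any(f.startswith(p + "/") for f in tree)


def status_rewrite(url_path, tree=EXISTING):
    """Simplified model of the RewriteCond/RewriteRule variant."""
    found = exists(url_path, tree)
    relative = url_path.lstrip("/")  # per-directory rules see no leading slash
    if found and REWRITE_RULE.search(relative):
        return 403
    return 200 if found else 404


def status_redirectmatch(url_path, tree=EXISTING):
    """Simplified model of the RedirectMatch variant: URL path only, no disk check."""
    if REDIRECT_MATCH.search(url_path):
        return 404
    return 200 if exists(url_path, tree) else 404


def leaks_existence(status_fn, present, absent):
    """True if a client can tell an existing hidden path from a missing one."""
    return status_fn(present) != status_fn(absent)


if __name__ == "__main__":
    # Note that both rules also block /.well-known/ paths that a site may serve on purpose.
    for path in ["/index.html", "/css/site.min.css", "/.htpasswd", "/.git/",
                 "/.svn/entries", "/.well-known/security.txt"]:
        print(f"{path:28} rewrite={status_rewrite(path)} "
              f"redirectmatch={status_redirectmatch(path)}")
    print("rewrite leaks existence:", leaks_existence(
        status_rewrite, "/.git/config", "/.svn/entries"))
    print("redirectmatch leaks existence:", leaks_existence(
        status_redirectmatch, "/.git/config", "/.svn/entries"))
```

With the first rule an existing hidden path answers 403 while a missing one answers 404, so the response confirms which hidden paths are present; the RedirectMatch variant answers 404 for both.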

LastModified: April 25, 2021 12:28 am