How to protect .htaccess file contents?

By default, everybody has access to an .htaccess file's contents. Due to the fact that it exposes web site configuration data, this could be a security issue. It is a good practice to restrict access to .htaccess files for security reasons.

To do this, add the following directives to the .htaccess file:

# Prevent Apache from serving .htaccess files:
<FilesMatch ".htaccess">
    Order allow, deny
    Deny from all
</FilesMatch>

Now, when users attempt to view the .htaccess file directly, their web browsers display a '403 Forbidden' message.
  • htaccess rule, htaccess file, htaccess file protection
  • 0 Users Found This Useful
Was this answer helpful?

Related Articles

How to change HTTP headers using .htaccess files

This article shows how to edit the HTTP headers that Apache sends to a client directly....

How to enable and disable directory index listings using an .htaccess file?

To enable index listings for a directory add the following line to the .htaccess file: Options...

How to protect a website folders using .htaccess

The .htaccess file is a configuration file used by Apache-based web servers. Directives in...

How to use an .htaccess file to alter the default directory index page?

On HostGinger Hosting servers, by default, when users access a URL that requests a directory,...

What is .htaccess files?

An .htaccess file is a plain-text configuration file that you can use to alter the settings of...