It’s a good practice to block visitor access to file types that is not being used in web server. You can configure .htaccess to block access to specific file types (eg: inc, bak, log, sh). It’s common for webmaster to edit files at the server and rename the old filename to .bak. If your file contain sensitive information like login credentials, then your info will be expose to public.
To block access to certain file types using .htaccess, follow the steps below:
Advertisements
- Open your .htaccess file
- Copy and append the following code to your .htaccess:-
1234<Files ~ "\.inc$">Order allow,denyDeny from all</Files>
* The method show above only block access to 1 file type (.inc) at a timeIf you want to block access to multiple file types at once, use the code below:-
1234<FilesMatch "\.(htaccess|htpasswd|ini|log|sh|inc|bak)$">Order Allow,DenyDeny from all</FilesMatch>
* the code above block access to .htaccess, .htpasswd, .ini, .log, .sh, .inc and .bak file extension. - Save your .htaccess and try to access any a fake filename that ended with the extension listed above. You should see a “Forbidden” message
Related posts:
Limit certain ip to access website with .htaccess
CentOS: install yum fastest mirror plugin for faster connection update
How to add Primary and Secondary DNS server - /etc/resolve.conf - Linux
Namecheap Coupon May 2007
How to check Zimbra Version without ssh access?
How to remove Powered By Prestashop footer link
Prestashop 1.5 - How to enable add to cart button at Home Featured Product?
Zoho Mail: Free email hosting for your custom domain
Share this with your friends:-
How can i use .htaccess to block the selected extensions over my whole website i.e. in all directories? I have put .htaccess file in my website’s root folder i.e. public_html It blocks the selected extensions in the root folder fine. But not in directories that are in public_html.
How can i fix this?
Very good stuff i found here .htaccess ,( Order allow,deny ) vey useful command i was looking for it.Thanks.