Protect .htaccess File

  • Avinash
  • 8
  • Jul 13, 2011
  • Web Server

For PHP websites htaccess files handles the most of the stuffs like, redirection, server side caching, server side compression.

We can also protect files and folder using this .htaccess file.

So it requires that you protect the .htaccess file as well. You can protect your .htaccess file with the use of .htaccess it self.

You just need to place the below code in your .htaccess file and your .htaccess file is protecte from any types of access.

Note : .htaccess file used to protect the .htaccess file!!!!

order allow,deny deny from all
<Files .htaccess>
 order allow,deny
 deny from all

isn’t that easy?

Related Posts

Written by Avinash

Avinash Zala is leading various projects which deals with the various technology involved with the web. A combination of perfect technical and management skills. Avinash would like to chat with you and convert your imagination into the working system. You can get in touch with him on Facebook and Twitter.

View all posts by:

  • Pingback: Rename .htaccess File | Expert PHP Developer

  • Pingback: Proteger el archivo .htaccess con el propio archivo .htaccess

  • danny

    I ask this purely out of interest and not criticism.

    In what ways do you foresee an attacker accessing your .htaccess file?

    I just did a couple experiments such as chmod’ing .htaccess to 777 and chown’ing it to the apache user, but it was still marked forbidden when I tried to access it via the url. (don’t worry I changed it back ;-)

    Maybe the server OS I run (ubuntu) already prevents access to the .htaccess file?

    Thank you

    • Avinash

      it can be protected from apache’s http.conf file also..

  • Pingback: Protect file using .htaccess | Expert PHP Developer

  • Ari Herzog

    What does it mean when the above code is added to the file but the file is still hacked?

  • sendy

    alternative use this

    # Protect .htaccess file

    order allow,deny
    deny from all

  • sendy

    alternative method

    # Protect .htaccess file order allow,deny deny from all
    # Protect .htaccess file
    <files ~ "^.*\.([Hh][Tt][Aa])">
    order allow,deny
    deny from all