Sensitive URLs accessible

Question

When I hit url on my browser with .htaccess I can see the code of htaccess. It should be Access forbidden! or not accessible. How can I give restriction to htaccess as no one can access it.

domainname/.htaccess it's shown me code of htaccess.

Options +FollowSymLinks
RewriteEngine on

# Send request via index.php
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php/$1 [L]

php_value memory_limit 256M enter image description here

Give an example of a url that is accessible that should not be? — Caius Jard, Aug 31 '19 at 06:22
when browser type exp- www.abcexample.com/.htaccess and enter the show htaccess code.. how to fixed ? — Barun, Aug 31 '19 at 06:27

score 0 · Answer 1 · answered Aug 31 '19 at 09:30

Htaccess RedirectMatch can be used to hide/protect certain file extensions:

Options +FollowSymLinks
RewriteEngine on

RedirectMatch 403 \.(htaccess|htpasswd|ini|log|sh|inc|bak|bkp|sql)$

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php/$1 [L]

result:

example.com/.htaccess -> 403
example.com/test -> 200 index.php
example.com/test.php -> 200 index.php

Read about at the following question: How to hide certain file type using apache .htaccess?

score 0 · Answer 2 · answered Aug 31 '19 at 09:45

0

check your apache.config file.

<Files ".ht*">
Require all denied
</Files>

Add this code. It will restrict accessing .htaccess file

answered Aug 31 '19 at 09:45

Samir Patel

167
1
7

Sensitive URLs accessible

2 Answers2