Skip to content
Advertisement

.htaccess is still allowing access to files

If I want to prevent a random user from using the URL to browse to a web file, I need to use an .htaccess file.

I have added my code below. I have created an .htaccess file and placed it within my include folder to prevent users from navigating to and reading my database.php file.

Following the instructions found here: https://www.plothost.com/kb/how-to-deny-access-to-a-specific-file-on-your-site-via-htaccess/

Of course I made some slight alterations.

Here is the code in my .htaccess file:

<files database.php>
Order Allow,Deny
Deny from all
</files>

Using the above, I am still able to URL right to the database.php file. I need to prevent this from happening.

What am I doing wrong?

Advertisement

Answer

Please check the following:

  1. Make sure, your .htaccess file is really called “.htaccess”
  2. The .htaccess file must be in the correct directory or the path of the file must be relative to the .htaccess file.

I just ran this on my machine. The same code you have used. My structure:

structure

The files are identical. I commented out the content in the .htaccess file in the root dir. So now I can call localhost:8080/database.php but not localhost:8080/test/database.php => I get an Error 403 (access denied).

EDIT

How about this guide here? setup htaccess

Looks legit. This is my config. According to the guide, it is just about setting up this config file and restart.

In htdocs

EDIT 2

I found out, that the httpd.conf I had opened is not the correct one. I found the correct one under: Application/XAMPP/xamppfiles/etc/httpd.conf.

In this file you have to search for:

# 
# DocumentRoot: The directory out of which you will serve your
# documents. By default, all requests are taken from this directory, but
# symbolic links and aliases may be used to point to other locations.
#
DocumentRoot "/Applications/XAMPP/xamppfiles/htdocs"
<Directory "/Applications/XAMPP/xamppfiles/htdocs">
    #
    # Possible values for the Options directive are "None", "All",
    # or any combination of:
    #   Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
    #
    # Note that "MultiViews" must be named *explicitly* --- "Options All"
    # doesn't give it to you.
    #
    # The Options directive is both complicated and important.  Please see
    # http://httpd.apache.org/docs/trunk/mod/core.html#options
    # for more information.
    #
    #Options Indexes FollowSymLinks
    # XAMPP
    Options Indexes FollowSymLinks ExecCGI Includes

    #
    # AllowOverride controls what directives may be placed in .htaccess files.
    # It can be "All", "None", or any combination of the keywords:
    #   Options FileInfo AuthConfig Limit
    #
    #AllowOverride None
    # since XAMPP 1.4:
    AllowOverride All

    #
    # Controls who can get stuff from this server.
    #
    Require all granted
</Directory>

Here you find this:

#AllowOverride None  # this does deactivate .htaccess
# since XAMPP 1.4:
AllowOverride All    # this does activate .htaccess

At least for me this was solely responsible for the .htaccess rewrite. When I set it to AllowOverride None the .htaccess is completely ignored.

User contributions licensed under: CC BY-SA
6 People found this is helpful
Advertisement