apache_security_hiddenfiles
IMPORTANT
It is important to note that apache WILL server hidden content (hidden files defined by '.' eg .hidden).
The httpd.conf or apache2.conf file comes with an entry preventing .htaccess and .htpasswd files being served:
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
#
<Files ~ "^\.ht">
Order allow,deny
Deny from all
Satisfy All
</Files>
Will will need to add an entry preventing other/all hidden files being served. Add the following content directly under the above content in the httpd.conf (apache2.conf file)
<LocationMatch ^(.*/)\..*> Order Allow,Deny Deny from All Satisfy All </LocationMatch>
apache_security_hiddenfiles.txt · Last modified: 2024/05/23 07:26 by 127.0.0.1