httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mark Watts <>
Subject Re: [users@httpd] still see .htaccess and .htpasswd trough virtual host
Date Thu, 08 Jul 2010 08:20:36 GMT
On Thu, 2010-07-08 at 13:40 +0530, J. Bakshi wrote:
> Hello list,
> I have become little confused and hope to get some help. I have a suse
> 11.2 server running   Apache/2.2.10 (Linux/SUSE) with some virtual hosts. I already have
the following in httpd.conf file
> ``````````````
> AccessFileName .htaccess
> #
> # The following lines prevent .htaccess and .htpasswd files from being
> # viewed by Web clients.
> #
> <Files ~ "^\.ht">
>     Order allow,deny
>         Deny from all
> </Files>
> ``````````````````````````
> But still I can read the .htaccess and .htpasswd file through browser, when visit the
virtual host. But if I add the above config at the virtual host itself, it works well. So
the virtualhosts bypass the config already there in httpd.conf.  Do I need to write the code
for each and every virtualhost then ? Not possible to define at any common point just once

Are you sure you're not seeing cached copies?

<FilesMatch "^\.ht">
        Order allow,deny
        Deny from all

This prevents you from opening (GET /.htaccess) those files.

If you want to prevent them from being seen in a directory listing, use


Mark Watts BSc RHCE MBCS
Senior Systems Engineer, Managed Services Manpower
QinetiQ - Delivering customer-focused solutions
GPG Key:

View raw message