Bogdan Calin of Acunetix wrote an article explaining why .htaccess files should not be used to secure sensitive data: “htaccess files should not be used for security restrictions”.
According to the Apache documentation:
.htaccess files (or “distributed configuration files”) provide a way to make configuration changes on a per-directory basis. A file, containing one or more configuration directives, is placed in a particular document directory, and the directives apply to that directory, and all subdirectories thereof.
Many PHP web applications use .htaccess files to restrict access to specific files or directories that may contain sensitive information. For example, in order to restrict access to all files in a specific directory you can create a .htaccess file in that directory containing the string “deny from all”. In many cases it is wrong to impose security restrictions using .htaccess files.
Read on at Acunetix
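One case in which a “deny from all” .htaccess protects nothing is a directory whose effective AllowOverride is None: Apache then does not read .htaccess files there at all. The following audit sketch is an added example, not code from the Acunetix article; it reports which directories relying on such a file are in that state. The sample configuration, the directory list and all function names are constructed for illustration, and it assumes plain `<Directory>` blocks in a single configuration text (no wildcards, DirectoryMatch, Include or AllowOverrideList).

```python
import re
from pathlib import PurePosixPath

# Constructed sample main configuration (not from the article).
SAMPLE_CONF = """
<Directory "/var/www">
    AllowOverride None
</Directory>
<Directory "/var/www/shop">
    AllowOverride AuthConfig Limit
</Directory>
"""
# Constructed directories that rely on a .htaccess containing "deny from all".
PROTECTED_DIRS = ["/var/www/blog/includes", "/var/www/shop/config"]

DIRECTORY_RE = re.compile(r'<Directory\s+"?([^">]+)"?\s*>(.*?)</Directory>', re.S | re.I)
OVERRIDE_RE = re.compile(r'^\s*AllowOverride\s+(.+?)\s*$', re.M | re.I)

def parse_overrides(conf_text):
    """Map each <Directory> path to its AllowOverride classes, lower-cased."""
    overrides = {}
    for path, body in DIRECTORY_RE.findall(conf_text):
        match = OVERRIDE_RE.search(body)
        if match:
            overrides[PurePosixPath(path.strip())] = match.group(1).lower().split()
    return overrides

def effective_override(directory, overrides):
    """AllowOverride of the longest <Directory> path containing `directory`.
    Falls back to ["none"], the default since Apache 2.3.9."""
    target = PurePosixPath(directory)
    matches = [p for p in overrides if p == target or p in target.parents]
    if not matches:
        return ["none"]
    return overrides[max(matches, key=lambda p: len(p.parts))]

def htaccess_ignored(directory, overrides):
    """True when Apache will not read .htaccess here, so "deny from all" does nothing."""
    return effective_override(directory, overrides) == ["none"]

def audit(conf_text, directories):
    """Return {directory: True if its .htaccess is ignored} for each directory."""
    overrides = parse_overrides(conf_text)
    return {d: htaccess_ignored(d, overrides) for d in directories}

if __name__ == "__main__":
    for directory, ignored in audit(SAMPLE_CONF, PROTECTED_DIRS).items():
        print(directory, "-> .htaccess IGNORED" if ignored else "-> .htaccess read")
```

Directories flagged as ignored need the restriction moved into a `<Directory>` block in the main configuration, or the sensitive files moved outside the document root.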
My name is Jan. I am not a hacker, coder, developer, programmer or guru. I am merely a system administrator, doing my daily thing at Vevida in the Netherlands. With over 15 years of experience, my specialties include Windows Server, IIS, Linux (CentOS, Debian), security, PHP, websites & optimization.