I added a .htaccess file to a folder to make it password protected. I would like to prevent all users from being able to read that .htaccess file, because it reveals the location of my .htpasswd (I don't have permissions on this server to put this file outside of the html tree).
I tried the suggestions at http://www.javascriptkit.com/howto/htaccess8.shtml, but I can still read my .htaccess on a web browser. Here is my .htaccess:
AuthName "Restricted Area"
AuthType Basic
AuthUserFile /home/www/users/mylogin/HTML/some_hidden_dir/.htpasswd
AuthGroupFile /dev/null
require valid-user
<Files .htaccess>
order allow,deny
deny from all
</Files>
What am I missing?
I've always used this method in my main root HTACCESS file and it works like a charm:
<Files ~ "^.*\.([Hh][Tt][Aa])">
order allow,deny
deny from all
satisfy all
</Files>
More info on this method from one of my bookmarks:
http://perishablepress.com/press/2008/05/20/improve-site-security-by-protecting-htaccess-files/
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With