Re: client removal of .htaccess file (Apache Users)

Re: client removal of .htaccess file

Date Prev

Date Next

Thread Prev

Thread Next

Date Index

Thread Index

To: users@xxxxxxxxxxxxxxxx

Subject: Re: client removal of .htaccess file

From: angel Hall-Coulston <rammsteinium@xxxxxxxxxxxxxxxxxx>

Date: Sun, 19 Jul 2020 20:12:55 +0100

In-reply-to: <BL0PR02MB54250574D02EAF175F7981769F7A0@BL0PR02MB5425.namprd02.prod.outlook.com>

Reply-to: users@xxxxxxxxxxxxxxxx

Most '.htaccess' files ARE provided by host developers so that users have some security control over their site (being able to choose who or what to block is one case in hand) WITH 'write' access. Most sysadmins with access to root privileges don’t actually use them and format the directives directly by a 'directory by directory' configuration in apache config file (usually httpd.conf). So the usual use of them is for any user WITHOUT root access to the server and config files, so it’s a little out of the ordinary that you don’t have write or read access.

I wouldn’t recommend not having a basic '.htaccess' or having a dummy file, if you don’t have root access.

"Just because you’re paranoid doesn’t mean they are not all out to get you…"

On 19 Jul 2020, at 12:32, Joel <jm-hotmail@xxxxxxxxxxx> wrote:

Thank you. I gather I will need to ask the server hosting entity (who has root access) to remove the file.

Any downsides to uploading an empty .htaccess file or a dummy file (just having a comment and no directives)?

Joel
973 736 8306

From: angel Hall-Coulston
Sent: Sunday, July 19, 2020 7:18 AM
To: users@xxxxxxxxxxxxxxxx
Subject: Re: client removal of .htaccess file

Not without 'write' permission, or settings within httpd.conf, no… ALSO the following config disallows viewing:

#
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
#
<FilesMatch "^\.([Hh][Tt]|[Dd][Ss]_[Ss])">
Require all denied
</FilesMatch>

And that’s prob why you can’t see it but CAN see the backup…

"What’s the difference between British SCONES (pronounced as in stones) and SCONES (pronounced as in cons) ?? Around 50p each !"

> On 19 Jul 2020, at 11:57, Joel Miller <jm-hotmail@xxxxxxxxxxx> wrote:
>
> Can one without server root access delete a previously uploaded .htaccess file? The server can be accessed from the command line (e.g., ftp.[url] and permissions) but the file listing contains .htaccess_bak, not the .htaccess file.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
>

Attachment: signature.asc
Description: Message signed with OpenPGP