On Thu, 2010-07-08 at 13:40 +0530, J. Bakshi wrote:
> Hello list,
>
> I have become little confused and hope to get some help. I have a suse
> 11.2 server running Apache/2.2.10 (Linux/SUSE) with some virtual hosts. I already have the following in httpd.conf file
>
> ``````````````
> AccessFileName .htaccess
>
> #
> # The following lines prevent .htaccess and .htpasswd files from being
> # viewed by Web clients.
> #
> <Files ~ "^\.ht">
> Order allow,deny
> Deny from all
> </Files>
> ``````````````````````````
>
> But still I can read the .htaccess and .htpasswd file through browser, when visit the virtual host. But if I add the above config at the virtual host itself, it works well. So the virtualhosts bypass the config already there in httpd.conf. Do I need to write the code for each and every virtualhost then ? Not possible to define at any common point just once ?
Are you sure you're not seeing cached copies?
<FilesMatch "^\.ht">
Order allow,deny
Deny from all
</FilesMatch>
This prevents you from opening (GET /.htaccess) those files.
If you want to prevent them from being seen in a directory listing, use
"IndexIgnore"
http://httpd.apache.org/docs/2.2/mod/mod_autoindex.html#indexignore
Mark.
--
Mark Watts BSc RHCE MBCS
Senior Systems Engineer, Managed Services Manpower
www.QinetiQ.com
QinetiQ - Delivering customer-focused solutions
GPG Key: http://www.linux-corner.info/mwatts.gpg
Attachment:
signature.asc
Description: This is a digitally signed message part
|