|
|
|
.Htaccess is a small text file that control configuration aspects of an Apache web server. Most people are familiar with the .htaccess file in relation with the ability to restrict access to a directory via password protection.
However, .htaccess can do a lot more than password protection. .Htaccess is an extremely powerful configuration tool that can customize the way your web site behaves and how your web server handles requests.
You can create as many .htaccess files as you wish for your website. you can have one in every directory if you like. However, .htaccess will control the directory it is placed in, as well as all the directories which are in the directory that the .htaccess file resides.
For that reason, many people just bother with one .htaccess file, and that would be the .htaccess file located in the root directory. Of course, if you are password protecting a directory, you would want to place a .htaccess file in the directory you'd be password protecting, assuming that it wasn't your root directory.
Your .htaccess files typically reside in your root directory. Since it's almost guaranteed that there will be a .htaccess in your root directory practically anyone can access and view it through their web browser using the appropriate URL address.
Most of the time there is information contained the the .htaccess file that you don't want people knowing, like the location of .htpasswd files (password files), or rules for allowing or denying access.
One way to prevent your visitor from viewing your .htaccess file is to disable access to that particular filename. You can add the following lines to your .htaccess file in the root directory to deny visitors from viewing all .htaccess files contained in your website:
<Files .htaccess>
order allow,deny
deny from all
</Files> |
|
