On Thu, 2010-07-08 at 13:40 +0530, J. Bakshi wrote: > Hello list, > > I have become little confused and hope to get some help. I have a suse > 11.2 server running Apache/2.2.10 (Linux/SUSE) with some virtual hosts. I > already have the following in httpd.conf file > > `````````````` > AccessFileName .htaccess > > # > # The following lines prevent .htaccess and .htpasswd files from being > # viewed by Web clients. > # > <Files ~ "^\.ht"> > Order allow,deny > Deny from all > </Files> > `````````````````````````` > > But still I can read the .htaccess and .htpasswd file through browser, when > visit the virtual host. But if I add the above config at the virtual host > itself, it works well. So the virtualhosts bypass the config already there in > httpd.conf. Do I need to write the code for each and every virtualhost then > ? Not possible to define at any common point just once ?
Are you sure you're not seeing cached copies?
<FilesMatch "^\.ht">
Order allow,deny
Deny from all
</FilesMatch>
This prevents you from opening (GET /.htaccess) those files.
If you want to prevent them from being seen in a directory listing, use
"IndexIgnore"
http://httpd.apache.org/docs/2.2/mod/mod_autoindex.html#indexignore
Mark.
--
Mark Watts BSc RHCE MBCS
Senior Systems Engineer, Managed Services Manpower
www.QinetiQ.com
QinetiQ - Delivering customer-focused solutions
GPG Key: http://www.linux-corner.info/mwatts.gpg
signature.asc
Description: This is a digitally signed message part
