> > The regex in filesmatch Directive is quite useless but this leads to the > problem that .htaccess file can called by http in browser and shows all of > its contents. > > http://example.com/.htaccess > > Seems to me quite simple for a user to disclose his .htaccess contents by > simple filesmatch directive which suddenly ignores AccessFileName directive. > Is this a bug or expected? >
I have the following in the httpd.conf: # # The following lines prevent .htaccess and .htpasswd files from being # viewed by Web clients. # <FilesMatch "^\.ht"> Order allow,deny Deny from all Satisfy All </FilesMatch> Don't you have something similar?