>
> The regex in filesmatch Directive is quite useless but this leads to the
> problem that .htaccess file can called by http in browser and shows all of
> its contents.
>
> http://example.com/.htaccess
>
> Seems to me quite simple for a user to disclose his .htaccess contents by
> simple filesmatch directive which suddenly ignores AccessFileName directive.
> Is this a bug or expected?
>
I have the following in the httpd.conf:
#
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
#
<FilesMatch "^\.ht">
Order allow,deny
Deny from all
Satisfy All
</FilesMatch>
Don't you have something similar?
