On Thu, 2010-07-08 at 13:40 +0530, J. Bakshi wrote:
> Hello list,
> I have become little confused and hope to get some help. I have a suse
> 11.2 server running   Apache/2.2.10 (Linux/SUSE) with some virtual hosts. I 
> already have the following in httpd.conf file
> ``````````````
> AccessFileName .htaccess
> #
> # The following lines prevent .htaccess and .htpasswd files from being
> # viewed by Web clients.
> #
> <Files ~ "^\.ht">
>     Order allow,deny
>         Deny from all
> </Files>
> ``````````````````````````
> But still I can read the .htaccess and .htpasswd file through browser, when 
> visit the virtual host. But if I add the above config at the virtual host 
> itself, it works well. So the virtualhosts bypass the config already there in 
> httpd.conf.  Do I need to write the code for each and every virtualhost then 
> ? Not possible to define at any common point just once ?

Are you sure you're not seeing cached copies?

<FilesMatch "^\.ht">
        Order allow,deny
        Deny from all

This prevents you from opening (GET /.htaccess) those files.

If you want to prevent them from being seen in a directory listing, use



Mark Watts BSc RHCE MBCS
Senior Systems Engineer, Managed Services Manpower
QinetiQ - Delivering customer-focused solutions
GPG Key: http://www.linux-corner.info/mwatts.gpg

Attachment: signature.asc
Description: This is a digitally signed message part

Reply via email to