Re: [users@httpd] client removal of .htaccess file

Sun, 19 Jul 2020 12:14:01 -0700 

Most '.htaccess' files ARE provided by host developers so that users have some 
security control over their site (being able to choose who or what to block is 
one case in hand) WITH 'write' access. Most sysadmins with access to root 
privileges don’t actually use them and format the directives directly by a 
'directory by directory' configuration in apache config file (usually 
httpd.conf). So the usual use of them is for any user WITHOUT root access to 
the server and config files, so it’s a little out of the ordinary that you 
don’t have write or read access.
        I wouldn’t recommend not having a basic '.htaccess' or having a dummy 
file, if you don’t have root access.

"Just because you’re paranoid doesn’t mean they are not all out to get you…"

> On 19 Jul 2020, at 12:32, Joel <jm-hotm...@hotmail.com> wrote:
> 
> Thank you.  I gather I will need to ask the server hosting entity (who has 
> root access) to remove the file.
> 
> Any downsides to uploading an empty .htaccess file or a dummy file (just 
> having a comment and no directives)?
> 
> Joel
> 973 736 8306
> 
> From: angel Hall-Coulston
> Sent: Sunday, July 19, 2020 7:18 AM
> To: users@httpd.apache.org
> Subject: Re: [users@httpd] client removal of .htaccess file
> 
> Not without 'write' permission, or settings within httpd.conf, no… ALSO the 
> following config disallows viewing:
> 
> #
> # The following lines prevent .htaccess and .htpasswd files from being
> # viewed by Web clients.
> #
> <FilesMatch "^\.([Hh][Tt]|[Dd][Ss]_[Ss])">
>     Require all denied
> </FilesMatch>
> 
> And that’s prob why you can’t see it but CAN see the backup…
> 
> "What’s the difference between British SCONES (pronounced as in stones) and 
> SCONES (pronounced as in cons) ?? Around 50p each !"
> 
> > On 19 Jul 2020, at 11:57, Joel Miller <jm-hotm...@hotmail.com> wrote:
> >
> > Can one without server root access delete a previously uploaded .htaccess 
> > file?  The server can be accessed from the command line (e.g., ftp.[url] 
> > and permissions) but the file listing contains .htaccess_bak, not the 
> > .htaccess file.
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
> > For additional commands, e-mail: users-h...@httpd.apache.org
> >

Attachment: signature.asc
Description: Message signed with OpenPGP

Reply via email to