.htaccess readable online
it is possible to view my htaccess file by entering the url. Granted you have to log into the members area first - but still no good!!
The permissions are on R R R and also tried RW R R. But still it's accessible once logged in.
I found a line of code which is supposed to solve the issue but when that is entered you no longer have to log in at all to view the members directory so ive taken it back out.
Any suggestions very welcome. Thank you.
This is my current htaccess file:
ErrorDocument 401 /errorpages/authorisation.htm
AuthUserFile /websites/xxxxxxxxxxxxxxx/.htpasswd
AuthGroupFile /dev/null
AuthName "Only approved member access to this directory"
AuthType Basic
<Limit GET POST>
require valid-user
</Limit>
Order allow,deny
Satisfy any
The other information I've seen says insert this:
<Files .htaccess>
order allow,deny
deny from all
</Files>
perhaps im trying to insert it into the wrong place because it allows access without a pssword being required. Advice appreciated.
Re: .htaccess readable online
What kind of hosting do you have? Is it an Apache server?
Also, depending on the hosting plan some hosts don’t allow custom htaccess files. You may have to upgrade to use and own custom htaccess files.
Re: .htaccess readable online
Apache and custom htaccess allowed
Re: .htaccess readable online
Then you should contact your host because a browser viewable .htaccess file should never happen.
It'll be something to do with apache config or the web server's config.
It means that the .htaccess file hasn't got the right settings in the web server and the web server doesn't know that the file needs to remain private.