apache2.conf about accessibility of root filesystem)

Oliver Weihe Mon, 10 Jun 2024 07:57:12 -0700

Hi again,

similar issue with .htaccess and .htpasswd - a simple symlink and Apachehappily serves the file(s) so the following lines don't really prevent this.


--- 8< ---
#
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
#
<FilesMatch "^\.ht">
        Require all denied
</FilesMatch>
--- 8< ---

And btw: why not this?
--- 8< ---
<FilesMatch "^\.(htaccess|htpasswd)">
--- 8< ---


Regards,
 Oliver

Bug#1072729: Acknowledgement (apache2: misleading comment in default /etc/apache2/apache2.conf about accessibility of root filesystem)

Reply via email to