Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 211
  • Last Modified:

How to HTACESS ...

Hello Guys,

this question is for my CEH course,
in my research i must to find how to open HTACESS from another hosts ?!
and how to protect it ?

thanks :)
0
tourajam
Asked:
tourajam
  • 4
  • 4
1 Solution
 
nociSoftware EngineerCommented:
To open use a browser..... (what else..?)
Prevent access ... (what else?)

Homework... http://www.experts-exchange.com/Security/Linux_Security/help.jsp#hi130  (what else?)

Readup on apache webserver. maybe lookup the chapter about authorisation etc. using htaccess?
0
 
xDamoxCommented:
Hi,

The only way you can read .htaccess is if you SSH into the host and open it with a text editor. By default apache version 2
disables access to the .htaccess and .htpasswd by the following:

#
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
#
<Files ~ "^\.ht">
    Order allow,deny
    Deny from all
</Files>

0
 
tourajamAuthor Commented:
how to bypass to read HTACESS ?
0
Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

 
xDamoxCommented:
Hi,

The only way to read the .htaccess is if you have SSH access to the webserver there is no way to bypass the
above rule which, denys access to the .htaccess and .htpasswd
0
 
tourajamAuthor Commented:
what about brute force ?
0
 
xDamoxCommented:
Hi,

No matter what you try you will always be denied access to the .htaccess and .htpasswd files via the web browser, the ONLY
method to access these two files is if your logged into the web server.
0
 
tourajamAuthor Commented:
i dont think so, not agree with you

http://www.team-e1.ch/admin

something like it, what i need to bypass, only EXPLOITS or Brute force or other materials !!!!
0
 
xDamoxCommented:
>in my research i must to find how to open HTACESS from another hosts ?!
The apache configuration does not lie you CANNOT access the .htpasswd and .htaccess file!

>something like it, what i need to bypass, only EXPLOITS or Brute force or other materials !!!!
Bruteforce will just try guess the username/password it does not actually get the .htpasswd file!!

Conclusion
You cannot access the .htaccess and .htpasswd files via the web browser the ONLY way is to have access to the
machine via SSH or Telnet.
0
 
tourajamAuthor Commented:
ok ... Thank you
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

  • 4
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now