• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 376
  • Last Modified:

deny access with htaccess

Hi all,

I want to deny access to htaccess.txt or another file with txt extension by editing htaccess.txt
Below is the copy of my htaccess.
But it dosent work :(

##
# @version $Id: htaccess.txt 9975 2008-01-30 17:02:11Z ircmaxell $
# @package Joomla
# @copyright Copyright (C) 2005 - 2008 Open Source Matters. All rights reserved.
# @license http://www.gnu.org/copyleft/gpl.html GNU/GPL
# Joomla! is Free Software
##


#####################################################
#  READ THIS COMPLETELY IF YOU CHOOSE TO USE THIS FILE
#
# The line just below this section: 'Options +FollowSymLinks' may cause problems
# with some server configurations.  It is required for use of mod_rewrite, but may already
# be set by your server administrator in a way that dissallows changing it in
# your .htaccess file.  If using it causes your server to error out, comment it out (add # to
# beginning of line), reload your site in your browser and test your sef url's.  If they work,
# it has been set by your server administrator and you do not need it set here.
#
#####################################################

##  Can be commented out if causes errors, see notes above.
Options +FollowSymLinks

#
#  mod_rewrite in use

RewriteEngine On



#  Uncomment following line if your webserver's URL
#  is not directly related to physical file paths.
#  Update Your Joomla! Directory (just / for root)

# RewriteBase /


########## Begin - Joomla! core SEF Section
#
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !^/index.php
RewriteCond %{REQUEST_URI} (/|\.php|\.html|\.htm|\.feed|\.pdf|\.raw|/[^.]*)$  [NC]
RewriteRule (.*) index.php
#RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]

<files htaccess.txt>
  order allow,deny
  deny from all
</files>

#
########## End - Joomla! core SEF Section


########## Begin - Rewrite rules to block out some common exploits
## If you experience problems on your site block out the operations listed below
## This attempts to block the most common type of exploit `attempts` to Joomla!
#
# Block out any script trying to set a mosConfig value through the URL
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR]
# Block out any script trying to base64_encode crap to send via URL
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
# Block out any script that includes a <script> tag in URL
RewriteCond %{QUERY_STRING} (\<|%3C).*script.*(\>|%3E) [NC,OR]
# Block out any script trying to set a PHP GLOBALS variable via URL
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
# Block out any script trying to modify a _REQUEST variable via URL
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
# Send all blocked request to homepage with 403 Forbidden error!
RewriteRule ^(.*)$ index.php [F,L]
#
########## End - Rewrite rules to block out some common exploits
0
reinhardtdjango
Asked:
reinhardtdjango
  • 2
  • 2
1 Solution
 
caterham_wwwCommented:
> by editing htaccess.txt

Did you rename the directive AccessFilename in your httpd.conf? Because the default value of per-directory configuration files is .htaccess and not htaccess.txt
0
 
reinhardtdjangoAuthor Commented:
Ok right, i've done it and added

<Files ~ "^.*\.txt">
Order Allow,Deny
Deny from all
</Files>

to deny access to txt files.

After that it works but not completely.
There are two txt files that this rule is not working for them

When you try to access these two txt files at first attempt you can display the content but then
if you refresh the page you have the forbidden message?

Do you know what can be the reason?
0
 
caterham_wwwCommented:
Did you clear your browser cache?
0
 
reinhardtdjangoAuthor Commented:
yes i cleared the browser cache.

what is interesting is that when i write the address of the file to the address bar
the file displays when i refresh i have the message forbidden, if i go to the address bar and press enter again the file displays and if i refresh again i have the message forbidden, this  goes on in a loop.
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now