#26508 .htaccess "self" protection

Posted in ‘Admin Tools for Joomla! 4 & 5’

Latest post by dnlkbwbmstr on Tuesday, 08 November 2016 10:11 CST

dnlkbwbmstr
Hello.
Isn't it considered a good practice to protect .htaccess with instructions in the file itself?
Like:
<Files .htaccess>
order allow,deny
deny from all
</Files>
It seems to me that this is missing in .htaccess files generated by ATpro.
Or am I just wrong?
Regards.

nicholas
Akeeba Staff
Manager
This is already done by Apache itself. Actually, it's done in the Apache main configuration which in turn loads all the virtual host configuration files. You would have to explicitly disable that protection in the main Apache configuration file to need the .htaccess hiding itself. If you ever see any host where .htaccess is web accessible please change hosts immediately.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷 Greek: native 🇬🇧 English: excellent 🇫🇷 French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!
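
The protection described in the reply above can be checked on a server you administer. This is an added example, not code from the ticket or from Admin Tools: it looks in a main configuration for a `<Files>` or `<FilesMatch>` section that matches `.htaccess` and denies access, in 2.4 (`Require all denied`) or 2.2 (`Deny from all`) syntax. The sample configuration text is constructed, and the check assumes a single file: it does not follow `Include` directives or account for later sections that re-grant access.

```python
import fnmatch
import re

# Constructed sample of a main server configuration (Apache 2.4 syntax).
MAIN_CONF = """\
ServerRoot "/etc/httpd"
<Directory "/var/www/html">
    AllowOverride All
</Directory>
<Files ".ht*">
    Require all denied
</Files>
"""
# Constructed sample in which the stanza has been commented out.
MAIN_CONF_DISABLED = """\
ServerRoot "/etc/httpd"
#<Files ".ht*">
#    Require all denied
#</Files>
"""

# <Files "glob">, <Files ~ "regex"> and <FilesMatch "regex"> sections.
SECTION = re.compile(
    r'<(Files|FilesMatch)\s+(~\s+)?"?([^">]+)"?\s*>(.*?)</\1\s*>',
    re.IGNORECASE | re.DOTALL)
DENY = re.compile(  # 2.4 form, or the older 2.2 form
    r'^\s*(Require\s+all\s+denied|Deny\s+from\s+all)\b', re.IGNORECASE | re.MULTILINE)

def covers_htaccess(kind, tilde, pattern):
    """True if the section's file pattern applies to a file named .htaccess."""
    pattern = pattern.strip()
    if kind.lower() == "filesmatch" or tilde:
        try:
            return re.search(pattern, ".htaccess") is not None
        except re.error:      # pattern not valid for Python's re; treat as no match
            return False
    return fnmatch.fnmatchcase(".htaccess", pattern)

def htaccess_denied(conf):
    """True if conf has an active section that matches .htaccess and denies access."""
    active = "\n".join(line for line in conf.splitlines()
                       if not line.lstrip().startswith("#"))
    for m in SECTION.finditer(active):
        kind, tilde, pattern, body = m.groups()
        if covers_htaccess(kind, tilde, pattern) and DENY.search(body):
            return True
    return False

if __name__ == "__main__":
    print("protected:", htaccess_denied(MAIN_CONF))
    print("disabled: ", htaccess_denied(MAIN_CONF_DISABLED))
```
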

dnlkbwbmstr
Thank you Sir.
But if I may ask: why is it almost everywhere suggested to insert such an instruction in .htaccess if there is no practical need?
Couldn't it be a further means of protection against Apache main webserver's hacks/failures?
Or is it just for "peace of mind"?

nicholas
Akeeba Staff
Manager
It's suggested by people who never bothered to find out how Apache works, I guess? I've seen loads of really terrible advice out there, especially with regards to Apache and PHP configuration. I've seen several sites mindlessly copying bad advice. Don't fall for it. Exercise critical thought and at the very least look at StackOverflow where people will provide arguments for and against these things, explaining what they really do and in which very specific cases they are required.


dnlkbwbmstr
Thanks for your advice.
Regards.
