Copahost Forum

[TheJets]

Just wondering what a general safe .htaccess file should contain. I would like to create 1 .htaccess file and just upload it to all my sites. One of the main things i'm looking for is to prevent people freely browsing certain files/directories.

Can someone help me out?

[Andrew]

It really depends what you want to achieve. There is no single .htaccess file that would be suitable for everyone.

A good place to start is searching on Google for tutorials and also here:
http://httpd.apache.org/docs/1.3/howto/htaccess.html

[Jhon Kelly]

ANY system administrator can read ANY document on one of their machines. Encrypting is not a good answer for web access, in fact truly sensitive documents should never be publicly visible to the web. Better is to store sensitive material in a database and use dynamic web page generation to view it. This can be controlled by the inbuilt database security (set your own root password and a password for yourself as an administrator on mysql and even su can't read it).

[Beaten Rice]

My only experience with editing these files is when my installation of Joomla (a content management system) warned me that my global registers was turned on, which is a security risk. It said to edit the .htaccess file, which I did, but that didn't turn off the warning. So after some research I found that I could upload a php.ini file and here is a template you can use .