Using .htaccess for file security

redneck

I am using a webhost which is excellent in all respects except one: they don't allow users access to the .httpd or php.ini files (this is probably one reason they are able to offer such a good service at such a low price). This is a small problem for me because I typically use include files with .INC extensions, and in the past I would configure Apache so that files with .INC extensions were not viewable from the Web.

It has been suggested that I can achieve the same result with configuration directives in a .htaccess file. I am much less familiar with .htaccess, normally associating it with directory-level authentication. Can anyone tell me how I can use .htaccess to restrict web-viewing of .INC files?

spirp

the .htaccess files work pretty much the same way as the main httpd.conf-file. You just enter the configuration settings you would enter in a <directory /dir/> section in httpd.conf..

read more about it in apaches documentation: http://httpd.apache.org/docs/howto/htaccess.html

Good luck!
//Olle