Using .htaccess for security

notset

Hello,

my site is on the shared hosting, so i can't edit apache configuration, but i still want that all my files would be secured. For this reason i use .htaccess.

Here is what i already created:

Options -ExecCGI -FollowSymLinks -Indexes
AddDefaultCharset utf-8
<Files ~ "^\._*">
	Order Deny,Allow
	Deny from All
	Satisfy All
</Files>
ErrorDocument 400 error
ErrorDocument 401 error
ErrorDocument 403 error
ErrorDocument 404 error
ErrorDocument 405 error
ErrorDocument 500 error
ErrorDocument 501 error
ErrorDocument 502 error
ErrorDocument 503 error

What else i want to do?

To hide the server signature
To deny from accessing any directories and files inside of the directory in which the .htaccess file is. Exeption only for index.php file from the main directory. I know, i can put the .htaccess file with "deny from all" in all directories, but maybe i can do the same thing in only file?

Thank's,

Roger_Ramjet

.htaccess applies to the folder and all subfolders unless one contains an .htaccess that overrides it.

Comprehensive guide to .htaccess will give you all the info you need

notset

Then how to deny access to everything from the root directory except 2 files?

Options None
AddDefaultCharset utf-8
<Directory />
	Order Deny,Allow
	Deny from All
</Directory>
<Files index.php>
	Order Deny,Allow
	Allow from All
</Files>
<Files style.css>
	Order Deny,Allow
	Allow from All
</Files>

Doesn't work.

bradgrafelman

Probably because your Directory tag doesn't have a valid path. Try using the full path to your web root directory.