Securing Apache, Tip#3: Restrict file extensions

In some circumstances, certain file types must exist in the DocumentRoot directory but do not need to be accessible through the web server. Common examples are:

.htaccess   Per-directory configuration file
.htpasswd   User file for basic authentication
.svn*       Subversion control files
.bak        Backup files
/CVS/       CVS control files

Include the following directives in your httpd.conf or your virtual host config file to restrict access to these types of files:

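# Apache 2.2 access-control syntax. On Apache 2.4 these directives need
# mod_access_compat; the native 2.4 form is "Require all denied".

# Block .htaccess, .htpasswd and any other file whose name starts with ".ht"
<Files ~ "^\.ht">
    Order allow,deny
    Deny from all
</Files>

# Block backup files ending in .bak or .BAK (mixed case such as .Bak is not matched)
<FilesMatch "(\.bak$|\.BAK$)">
    Order allow,deny
    Deny from all
</FilesMatch>

# Block CVS control directories
<DirectoryMatch "/CVS/">
    Order allow,deny
    Deny from all
</DirectoryMatch>

# Block Subversion control directories
<DirectoryMatch "\.svn">
    Order allow,deny
    Deny from all
</DirectoryMatch>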
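To check a DocumentRoot against these rules before relying on them, the following added example (not part of the original post) walks a directory tree and reports which files the four patterns deny and which backup-like files they miss. The function names, the sample tree and the case-insensitive hint are assumptions; the matching approximates Apache by testing file patterns against the base name and directory patterns against the directory path with a trailing slash.

```python
import os
import re
import tempfile

# Patterns copied from the directives above. Python's re and Apache's PCRE
# agree on these simple expressions.
FILE_RULES = [r"^\.ht", r"(\.bak$|\.BAK$)"]   # <Files ~> / <FilesMatch>
DIR_RULES = [r"/CVS/", r"\.svn"]              # <DirectoryMatch>
# Assumption: a broader, case-insensitive hint used only to flag near misses.
SENSITIVE_HINT = re.compile(r"\.bak$", re.IGNORECASE)

def matching_rule(rel_path):
    """Return the pattern that denies rel_path, or None if no rule applies."""
    directory, name = os.path.split("/" + rel_path.replace(os.sep, "/"))
    for pattern in FILE_RULES:
        if re.search(pattern, name):
            return pattern
    for pattern in DIR_RULES:
        # Approximation: test the containing directory with a trailing slash.
        if re.search(pattern, directory.rstrip("/") + "/"):
            return pattern
    return None

def audit(docroot):
    """Walk docroot; return (denied, uncovered) lists of relative paths."""
    denied, uncovered = [], []
    for base, _dirs, files in os.walk(docroot):
        for name in files:
            rel = os.path.relpath(os.path.join(base, name), docroot).replace(os.sep, "/")
            if matching_rule(rel):
                denied.append(rel)
            elif SENSITIVE_HINT.search(name):
                uncovered.append(rel)   # looks sensitive, but no rule matches
    return sorted(denied), sorted(uncovered)

def build_sample_tree(root):
    """Constructed sample DocumentRoot for the demonstration."""
    for rel in [".htpasswd", "index.php", "index.php.bak", "old/site.Bak",
                "app/CVS/Entries", "app/.svn/entries"]:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        denied, uncovered = audit(root)
        print("denied:", denied, "| sensitive but unmatched:", uncovered)
```

On the constructed tree, old/site.Bak is reported as unmatched because the FilesMatch pattern lists only the all-lowercase and all-uppercase spellings.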

See other tips:

Securing Apache, Tip #1: Minimize banner information

Securing Apache, Tip#2: PHP display_errors
