IT Security Stack Exchange
IT Security Stack Exchange

Questions tagged [htaccess]

.htaccess is a configuration file for use on web servers running the Apache Web Server software.

.htaccess is a configuration file for use on web servers running the Apache Web Server software. When a .htaccess file is placed in a directory which is in turn 'loaded via the Apache Web Server', then the .htaccess file is detected and interpreted by the Apache Web Server software. These .htaccess files can be used to alter the configuration of the Apache Web Server software to enable/disable additional functionality and features that the Apache Web Server software has to offer. These facilities include basic redirect functionality, for instance if a 404 file not found error occurs, or for more advanced functions such as content password protection or image hot link prevention.

source Wikipedia:

24 questions
1
vote
2 answers

Override parent .htaccess with php.ini?

Is it possible to override parent folder .htaccess rules with child php.ini or some other file except .htaccess? What I have is: /var/www/site/static/.htaccess /var/www/site/static/abc/ /var/www/site/static/abc/def/(I have access to this) I have…
MagExt
  • 147
  • 4
0
votes
0 answers

How to lock composer.lock in Apache?

How can I block composer attacker access in Apache? But keep composer working for the application? I'm running Ubuntu and Apache, does anyone know?
Jhon Laurence
  • 11
  • 4
0
votes
0 answers

Dynamic DNS threats for allow list access to an application

I have some clients whose IP changes every day and static IP is not an option for them. If I have them install a Dynamic DNS client, and then in my application .htaccess file refer to that Dynamic DNS domain, does that pose any security issue for my…
user2861783
  • 1
0
votes
1 answer

How to find PHP filename and ID of the URL?

.htaccess is now a very common URL rewrite to make it SEO friendly and cover the database IDs. What are the ways to explore php file on the server given to URL via .htaccess? Example : The URL is www.domain.com/news/56. I expect to find…
Jack
  • 1
0
votes
2 answers

Unable to execute PHP, throws 500 error. Able to upload and execute all others

I managed to upload a PHP shell using an upload form with some tweaking. No such restrictions except it renames the uploaded file to md5. But when I tried to execute the shell, It shows a 500 error. I am able to view or download all other files such…
Marcus Adeao
  • 9
  • 3
0
votes
2 answers

Is there any good reason to move files outside webserver document root?

Let's say I create a website (with apache for example) and my php pages get some sensitive information from a file on disk (a .ini file, a SQLite db or whatever). I thought two ways to prevent users from getting to this information: separate…
Mauro F.
  • 1
  • 3
0
votes
2 answers

Could Someone Use a Stolen Cookie Session ID to Bypass Htaccess Login?

I'm doing some pen testing for my place of employment. I was able to grab the session id from the browser cookies, but i still cannot get past the htaccess login. I initially thought that by setting the cookie with the stolen session id, the…
user1355016
  • 11
0
votes
2 answers

How to prevent users to access my files?

I run a magento shop and figured out that there is a security risk. Users can download the logfiles under /var/log/. If they go to https://www.example.com/var/log then a 404 site shows but if they know the exact name of the logfile then they can…
Black
  • 136
  • 5
0
votes
1 answer

Is there any way to bypass .htaccess PATH restriction (in URLs)?

We use .htaccess to deny direct access to specific file example.com/myfile.txt, by using this configuration: RewriteEngine on RewriteCond %{THE_REQUEST} myfile.txt RewriteRule ^ - [F,L] The intent is that if the url contains myfile.txt, we…
T.Todua
  • 2,677
  • 4
  • 19
  • 28
1
2