polak228, 2021-10-17 05:15:58

Is it safe to store .htaccess in the root of a site?

[Attached image: 616b87095ce71873619623.jpeg]

Is it dangerous to store .htaccess in the root of a site?

5 answer(s)
Ipatiev, 2021-10-17
@polak228

This is a very funny question.
If you read only the title, then the question sounds very funny. Like "Is it dangerous to breathe?". The .htaccess file is designed precisely to be placed in the site folders; root or non-root, it doesn't matter.
But if you read the whole question, along with the very funny text in the picture, it will become clearer what is meant.
No, it's hardly a security hole.
Here, rather, a hole in the head AKA misunderstanding of the meaning of their actions.
First, the wording. If you remember that the root of the site is just the public directory, then the question will be initially meaningless: "why is the file in the public directory, and not in the public directory?"
That is, you must first understand that the note in the picture is about the root of the application, and not the site. In which the site root is just one of the folders. The one in public.
And only after that you can start answering the question:
At the root of the application - that is, a folder that, in theory, has nothing to do with the web server at all - putting .htaccess is rather pointless. And in theory, it may turn out that the Apache web server will not read it at all. And, as a result, some secret settings may not apply.
But here we must remember that tying any kind of security to the .htaccess file is already a so-so idea. Since the share of the Apache web server is steadily declining, it is very likely that on a real server the .htaccess file will just hang around as dead weight, and no one will pay the slightest attention to it.

Sanes, 2021-10-17
@Sanes

That's what it was invented for.
Server features.

Vladimir Korotenko, 2021-10-17
@firedragon

.htaccess is stored in the directory where directives need to be overridden, and yes, access to it from the outside is closed by default.

alexalexes, 2021-10-17
@alexalexes

It is safe if the mode of access to files of this type is properly organized by the OS settings for the file system user, which is the web server. Plus, the web server must be configured to not allow the contents of these files to be served. Direct access to the contents of configuration files, site scripts should not be provided by means of a web server (ssh, ftp).
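
The two conditions raised in the answers above (the server refuses to serve `.ht*` files, and the file's OS permissions are restrictive) can be checked with a small audit script; this is an added example, not part of the original thread. The sample configs, the directory tree and the "no group/other write" policy are constructed assumptions.

```python
import os
import re
import stat
import tempfile

# Files/FilesMatch sections, e.g. <Files ".ht*"> ... </Files>
SECTION = re.compile(r'<(Files|FilesMatch)\s+"?([^">]+)"?\s*>(.*?)</\1>', re.I | re.S)
DENY = re.compile(r'^\s*(Require\s+all\s+denied|Deny\s+from\s+all)\b', re.I | re.M)

def config_denies_ht_files(conf_text):
    """True if an uncommented section covering .ht* files denies all access."""
    active = re.sub(r'(?m)^\s*#.*$', '', conf_text)  # drop comment lines
    for _, pattern, body in SECTION.findall(active):
        if ".ht" in pattern.replace("\\", "") and DENY.search(body):
            return True
    return False

def writable_htaccess(root):
    """Relative paths of .htaccess files writable by group or others
    (assumed policy: only the owning deploy user may modify them)."""
    found = []
    for dirpath, _, files in os.walk(root):
        if ".htaccess" in files:
            path = os.path.join(dirpath, ".htaccess")
            mode = stat.S_IMODE(os.stat(path).st_mode)
            if mode & (stat.S_IWGRP | stat.S_IWOTH):
                found.append(os.path.relpath(path, root).replace(os.sep, "/"))
    return sorted(found)

# Constructed sample configs: the deny rule is commented out in the weak one.
DIR = '<Directory "/var/www/html">\n    AllowOverride All\n</Directory>\n'
WEAK_CONF = DIR + '#<Files ".ht*">\n#    Require all denied\n#</Files>\n'
HARDENED_CONF = DIR + '<Files ".ht*">\n    Require all denied\n</Files>\n'

def demo():
    """Build a constructed site tree and return the three audit results."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "admin"))
        for rel, mode in ((".htaccess", 0o644), ("admin/.htaccess", 0o666)):
            path = os.path.join(root, rel)
            with open(path, "w") as fh:
                fh.write("Options -Indexes\n")
            os.chmod(path, mode)  # explicit mode, independent of umask
        return (config_denies_ht_files(WEAK_CONF),
                config_denies_ht_files(HARDENED_CONF),
                writable_htaccess(root))

if __name__ == "__main__":
    print(demo())
```

The configuration check only recognises the `Require all denied` (Apache 2.4) and `Deny from all` (Apache 2.2) forms inside a `Files` or `FilesMatch` section; it does not follow `Include` directives.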
