How to Deny Access to .htaccess File

deny access to .htaccess

.htaccess file allows you to modify Apache server  configuration without actually accessing server config files. Since it is such an important file, it can be prone to malicious attacks. So it is advisable to deny access to .htaccess file for your website. Here’s how to deny access to .htaccess file.


How to Deny Access to .htaccess File

Here are the steps to deny access to .htaccess file in Apache web server.


1. Open Apache Server Config File

Open Apache server config file in a text editor. You will typically find it at one of the following locations depending on your Linux distribution.

  • /etc/apache2/httpd.conf
  • /etc/apache2/apache2.conf
  • /etc/httpd/httpd.conf
  • /etc/httpd/conf/httpd.conf


$ sudo vim /etc/httpd/httpd.conf


2. Deny access to .htaccess

Add the following block of code to apache config file

<Files .htaccess>
 order allow,deny
 deny from all

In the above block, the first line ensures that the rules in the block are applied only to .htaccess file.

The next 2 lines specify that access to this file should be blocked to all

This will ensure that nobody is able to access .htaccess via Apache web server. You can always open it via text editor/file manager.


3. Restart Apache Web Server

Restart Apache web server to apply changes

$ sudo /etc/init.d/apache2 start [Debian or Ubuntu]
# sudo apachectl restart [RHEL, CentOS or Fedora]




About Sreeram Sreenivasan

Sreeram Sreenivasan is the Founder of Ubiq, a business dashboard & reporting platform for small & medium businesses. Ubiq makes it easy to build business dashboards & reports for your business. Try it for free today!