.htaccess file allows you to modify Apache server configuration without actually accessing server config files. Since it is such an important file, it can be prone to malicious attacks. So it is advisable to deny access to .htaccess file for your website. Here’s how to deny access to .htaccess file.
How to Deny Access to .htaccess File
Here are the steps to deny access to .htaccess file in Apache web server.
1. Open Apache Server Config File
Open Apache server config file in a text editor. You will typically find it at one of the following locations depending on your Linux distribution.
$ sudo vim /etc/httpd/httpd.conf
2. Deny access to .htaccess
Add the following block of code to apache config file
<Files .htaccess> order allow,deny deny from all </Files>
In the above block, the first line ensures that the rules in the block are applied only to .htaccess file.
The next 2 lines specify that access to this file should be blocked to all
This will ensure that nobody is able to access .htaccess via Apache web server. You can always open it via text editor/file manager.
3. Restart Apache Web Server
Restart Apache web server to apply changes
$ sudo /etc/init.d/apache2 start [Debian or Ubuntu] # sudo apachectl restart [RHEL, CentOS or Fedora]