Skip to main content

Server Security - Secure Your Website using. Htaccess file

What is .htaccess file

.htaccess files provide a way to make configuration on a per-directory basis. In the .htaccess file, we provide directives to apply a configuration.

When to use .htaccess

Generally, this file should be used when you have no access to your server configuration file (httpd.conf).

The best example would be shared hosting providers where you don’t get root access to make changes in httpd.conf file. In such scenarios .htaccess plays a very important role.

In shared hosting, we make .htaccess files to secure our websites. We create this file on each directory to secure it from hackers or attackers.

When to avoid .htaccess file

We should not use this if we have access to our main configuration file.

There are two main reasons to avoid the use of .htaccess file.

The first of these is performance. When AllowOverride is set to allow the use of .htaccess files, httpd will look in every directory for .htaccess files. Thus, permitting .htaccess files cause a performance hit.
The Other reason is .htaccess file is loaded every time a document is requested.  

One should go with .htaccess file only when there is no other option left.

How to create .htaccess file

Step 1: Go inside the root directory of your website. And then create an empty file with the extension .htaccess

So now website folders are looking like this

Website Directory

If you haven’t read my previous server security article then please check out this

How to secure the server using .htaccess

Hide Server Details On Page Footer

First, we will hide our server details on footer which gets visible when error pages get displayed. To do this I will add the ServerSignature directive and set its value to Off. The ServerSignature will hide the server details on the footer.

Website - Page not found with footer

Thus, we will add the below line then save the file and restart the server.

ServerSignature Off

Website - Error 404 Page not found

Hide Directory Listing

When there is no default file is available in the directory which is generally index.html or index.php then the server gets confused which file to show and it displays all the files and folders. This is quite dangerous because if an attacker finds this then they can misuse the data.

when no default file is available it displays contents like this

Website directory structure

In order to hide the content, we will add the below line save the file, and restart the server.

Options -Indexes

Website directory structure hidden
Directory is no longer visible

In this article, we have seen the other way of securing our website when we do not have access to the server main configuration. I hope you have learned something new with this article.

Labels

Labels:

Comments

Post a Comment

Popular posts from this blog

3D ANALYZER SETTINGS

Settings for Prince of Persia Sands of Time Works with this game, u can try wid others also which are not in above list Performance section: -force zBuffer Hardware limits: -emulate HW TnL caps -emulate Pixel shader caps ANTI-DETECT MODE section: -shaders Z-buffer section: -24 bit zbuffer(with stencil) DirectX DeviceID’s section: NVIDIA GeForce Ti4600 Configuration: VendorID : 4318 Device ID :592 Works well in the following or higher configuration -Intel 865GSA motherboard, -512 MB RAM, -Pentium D dual core 2.66 GHz processor, -No graphics card required…….. have fun.
184 comments
Read more

SMACKDOWN HERE COMES THE PAIN PCSX2 SETTINGS

Smack Down Here Comes The Pain Configuration: GRAPHICS-GSDX 1600(MSVC 15.00 SSSE3)0.1.15 CONTROLLERS-LILLY PAD 0.10.0 CDVDROM-EPP POLLING CDVD DRIVER 0.4.0 USB-USB NULL DRIVER 0.6.0 SOUND-SPU2-X1.1.0 SECOND CONTROLLER-LILLY PAD 0.10.0 DEV9-DEV9NULL DRIVER-0.4.0 FIRE WIRE-FWNULL DRIVER 0.5.0 BIOS-EUROPE V01.60(04/10/2001)CONSOLE SYSTEM REQUIREMENTS FOR PCSX2- MINIMUM - * Windows/Linux OS * CPU: Any that supports SSE2 (Pentium 4 and up, Athlon64 and up) * GPU: Any that supports Pixel Shader model 2.0, except Nvidia FX series (broken SM2.0, too slow anyway) * 512mb RAM (note Vista needs at least 2gb to run reliably) RECOMMENDED - * Windows Vista 32bit/64bit with the latest DirectX * CPU: Intel Core 2 Duo @ 3.2ghz or better * GPU: 8600gt or better (for Direct3D10 support) * RAM: 1gb on Linux/Windows XP, 2gb or more on Vista MY SYSTEM REQUIREMENTS WINDOWS XP SP3 PENTIUM DUAL CORE 2.6GHZ (E5300) 2GB RAM ZOTAC 8400GS 512MB DIRECT-X 9...
118 comments
Read more

$$$$$$$$10 reasons why PCs crash U must Know$$$$$$$

10 reasons why PCs crash U must Know Fatal error: the system has become unstable or is busy," it says. "Enter to return to Windows or press Control-Alt-Delete to restart your computer. If you do this you will lose any unsaved information in all open applications." You have just been struck by the Blue Screen of Death. Anyone who uses Mcft Windows will be familiar with this. What can you do? More importantly, how can you prevent it happening? 1 Hardware conflict The number one reason why Windows crashes is hardware conflict. Each hardware device communicates to other devices through an interrupt request channel (IRQ). These are supposed to be unique for each device. For example, a printer usually connects internally on IRQ 7. The keyboard usually uses IRQ 1 and the floppy disk drive IRQ 6. Each device will try to hog a single IRQ for itself. If there are a lot of devices, or if they are not installed properly, two of them may end up sharing the same IRQ number...
Post a Comment
Read more