HowTo

Securing Apache - Deny Access to Files

Running a website is very easy nowadays, but that simplicity comes with a certain amount of risk. Even the "experts" make mistakes and overlook security risks as simple as leaving backup files or other stray files in the httpd document root. Let's say you make a backup of a config file or an htpasswd file and call it config.bak or htpasswd.old. Those files are now available for viewing or download by anyone, and simple Google hacking makes it easy to find them on the Internet. So what's an admin to do? Create a list of file extensions you don't want to be accessible using the Apache FilesMatch directive, as seen below, and use the Allow from directive to include your workstation IP or a network block that you want to allow. That's it: now your .bak and .orig files are safe from "back surfing" or Google hacking.

# BLOCK ACCESS TO CERTAIN FILE EXTENSIONS FOR SECURITY REASONS
# FilesMatch tests the file name only, and the regex is case-sensitive
<FilesMatch "\.(htaccess|htpasswd|bak|ini|phps|log|sh|old|orig|conf|cnf)$">
    # Apache 2.2 access syntax (mod_access_compat on 2.4):
    # deny everyone, then allow only the listed workstation/network
    Order Deny,Allow
    Deny from all
    Allow from 172.16.200.0/24
</FilesMatch>
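To check what the directive above actually covers before relying on it, here is an added example (not part of the original article) that replays the same decision logic in Python: the FilesMatch pattern is applied to the file name of each requested path, and the Deny from all / Allow from 172.16.200.0/24 rule is applied to the client address. The requested paths and client addresses are constructed sample input; the allow list is the network from the article. It also shows two limits of the pattern that are easy to miss: the match is case-sensitive, and it only anchors on the final extension.

```python
import ipaddress
import re

# Same pattern as the FilesMatch directive above. Apache applies <FilesMatch>
# to the file name (basename), not the whole URL path.
BLOCKED_NAME_RE = re.compile(
    r"\.(htaccess|htpasswd|bak|ini|phps|log|sh|old|orig|conf|cnf)$"
)

# Stand-in for "Allow from 172.16.200.0/24" (the network used in the article).
ALLOWED_NETWORKS = [ipaddress.ip_network("172.16.200.0/24")]


def is_sensitive_file(path: str) -> bool:
    """True if the basename of the requested path matches the FilesMatch regex."""
    basename = path.rsplit("/", 1)[-1]
    return BLOCKED_NAME_RE.search(basename) is not None


def client_allowed(client_ip: str) -> bool:
    """Order Deny,Allow + Deny from all: only addresses in an Allow network pass."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for net in ALLOWED_NETWORKS)


def access_decision(path: str, client_ip: str) -> str:
    """Return 'allow' or 'deny' for one request, as the directive would."""
    if not is_sensitive_file(path):
        return "allow"  # the FilesMatch block does not apply; normal handling
    return "allow" if client_allowed(client_ip) else "deny"


# Constructed sample requests: (path, client address).
SAMPLE_REQUESTS = [
    ("/config.bak", "203.0.113.5"),        # backup file from the Internet
    ("/config.bak", "172.16.200.10"),      # same file from the admin network
    ("/.htaccess", "203.0.113.5"),         # basename ".htaccess" matches
    ("/conf/httpd.conf", "203.0.113.5"),   # matched by basename in a subdir
    ("/index.php", "203.0.113.5"),         # ordinary page, not covered
    ("/config.bak.txt", "203.0.113.5"),    # NOT covered: regex anchors on last ext
    ("/CONFIG.BAK", "203.0.113.5"),        # NOT covered: regex is case-sensitive
]


def evaluate(requests=SAMPLE_REQUESTS) -> dict:
    """Map each (path, client) pair to the access decision."""
    return {(p, ip): access_decision(p, ip) for p, ip in requests}


if __name__ == "__main__":
    for (path, ip), verdict in evaluate().items():
        print(f"{verdict:5}  {ip:15}  {path}")
```

The last two sample paths are the ones worth noting: a copy saved as config.bak.txt or CONFIG.BAK slips past the pattern as written. If your content is served from a case-insensitive filesystem or people on the team use mixed-case names, prefix the pattern with (?i), and extend the alternation with whatever other backup or editor-leftover suffixes your environment produces.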
