Thread: .htaccess Files

Results 1 to 3 of 3
  1. #1
    Join Date
    May 2006
    Location
    UK
    Posts
    106
    Plugin Contributions
    0

    Default .htaccess Files

    Hi folks
    I have been looking at the important site security recommendation document athttp://www.zen-cart.com/wiki/index.p...ecommendations

    Section 7 of this document mentions the use of .htaccess files to help prevent snooping. I have done a quick search on my zencart build and have listed all the directories that have an blank index.html without a .htaccess file as well.

    My question is should i include a basic .htaccess like the one also listed in section 7 along side these blank index.html files.

    I have attached a plain txt file with a listing of my finding.

    Regards
    Jayson
    Attached Files Attached Files

  2. #2
    Join Date
    Jan 2004
    Posts
    60,393
    Blog Entries
    4
    Plugin Contributions
    144

    Default Re: .htaccess Files

    There are many possible approaches depending on your hosting server's configuration. Some allow you to control with a cascading .htaccess file which catches all inappropriate access to all subdirectories, and others do not.

    If you are uncertain or cannot get a clear answer from your host, then protect each folder manually. If you are using Windows hosting, don't rely on .htaccess ... use index.html instead, and work with your host to ensure you have the best security settings active in your account (well, as good as IIS can do anyway).

    So ... not to pass the buck, but ... do what *you* have to do for *your* server. The guidelines are simply guidelines, as no *one* exact solution will work for everyone, since every host configures their server differently on their own whims (and changes it as they see fit, often without notice).


    By the way, you seem to have extra admin folders in your download and media folders for some reason...
    .

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donations always welcome: www.zen-cart.com/donate

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.



  3. #3
    Join Date
    May 2006
    Location
    UK
    Posts
    106
    Plugin Contributions
    0

    Default Re: .htaccess Files

    Quote Originally Posted by DrByte
    By the way, you seem to have extra admin folders in your download and media folders for some reason...
    Thanks for pointing that out i guess it must have been a slip of the fingers when uploading or something.

 

 

Similar Threads

  1. SSL change to configure files causing problems
    By Bryony in forum Installing on a Linux/Unix Server
    Replies: 4
    Last Post: 12 Jul 2006, 11:49 AM
  2. Replies: 1
    Last Post: 24 Jun 2006, 02:00 AM
  3. Replies: 10
    Last Post: 8 Jun 2006, 08:45 PM
  4. Files aren't overriding
    By sabastina in forum Templates, Stylesheets, Page Layout
    Replies: 6
    Last Post: 15 May 2006, 01:39 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •