If you're a Webhosting company sysadmin like me and you already have configured directory listing for certain websites / Vhosts and those files are mirrored from other development webserver location but some of the uploaded developer files extensions which are allowed to be interptered such as php include files .inc / .htaccess mod_rewrite rules / .phps / .html / .txt need to be working on the dev / test server but needs to be disabled (excluded) from delivery or interpretting for some directory on the prod server.
Open Separate host VirtualHost file or Apache config (httpd.conf / apache2.conf) if all Vhosts for which you want to disable certain file extensions and add inside:
<Directory "/var/www/sploits">
AllowOverride All
…
</Directory>
Extension Deny Rules such as:
For disabling .inc files from inclusion from other PHP sources:
<Files ~ ".inc$">
Order allow,deny
Deny from all
</Files>
To Disable access to .htaccess single file only
<Files ~ "^.htaccess">
Order allow,deny
Deny from all
</Files>
To Disable .txt from being served by Apache and delivered to requestor browser:
<Files ~ ".txt$">
Order allow,deny
Deny from all
</Files>
To Disable any left intact .html from being delivered to client:
<Files ~ ".html$">
Order allow,deny
Deny from all
</Files>
Do it for as many extensions as you need.
Finally to make changes affect restart Apache as usual:
If on Deb based Linux issue:
/etc/init.d/apach2 restart
On CentOS / RHEL and other Redhats / RedHacks 🙂
/etc/init.d/httpd restart
More helpful Articles
Tags: apache webserver, client, development, httpd, init, left, Linux, make, need, php, Virtualhost, www
Mozilla/5.0 (X11; U; Linux i686; it-IT; rv:1.9.0.2) Gecko/2008092313 Ubuntu/9.25 (jaunty) Firefox/3.8
Value added/partnership:-
View CommentView Comment