Skip to main content

Server Security - Secure Your Website using. Htaccess file

What is .htaccess file

.htaccess files provide a way to make configuration on a per-directory basis. In the .htaccess file, we provide directives to apply a configuration.

When to use .htaccess

Generally, this file should be used when you have no access to your server configuration file (httpd.conf).

The best example would be shared hosting providers where you don’t get root access to make changes in httpd.conf file. In such scenarios .htaccess plays a very important role.

In shared hosting, we make .htaccess files to secure our websites. We create this file on each directory to secure it from hackers or attackers.

When to avoid .htaccess file

We should not use this if we have access to our main configuration file.

There are two main reasons to avoid the use of .htaccess file.

The first of these is performance. When AllowOverride is set to allow the use of .htaccess files, httpd will look in every directory for .htaccess files. Thus, permitting .htaccess files cause a performance hit.
The Other reason is .htaccess file is loaded every time a document is requested.  

One should go with .htaccess file only when there is no other option left.

How to create .htaccess file

Step 1: Go inside the root directory of your website. And then create an empty file with the extension .htaccess

So now website folders are looking like this

Website Directory

If you haven’t read my previous server security article then please check out this

How to secure the server using .htaccess

Hide Server Details On Page Footer

First, we will hide our server details on footer which gets visible when error pages get displayed. To do this I will add the ServerSignature directive and set its value to Off. The ServerSignature will hide the server details on the footer.

Website - Page not found with footer

Thus, we will add the below line then save the file and restart the server.

ServerSignature Off

Website - Error 404 Page not found

Hide Directory Listing

When there is no default file is available in the directory which is generally index.html or index.php then the server gets confused which file to show and it displays all the files and folders. This is quite dangerous because if an attacker finds this then they can misuse the data.

when no default file is available it displays contents like this

Website directory structure

In order to hide the content, we will add the below line save the file, and restart the server.

Options -Indexes

Website directory structure hidden
Directory is no longer visible

In this article, we have seen the other way of securing our website when we do not have access to the server main configuration. I hope you have learned something new with this article.

Labels:

Comments

Post a Comment

Popular posts from this blog

Automation - Update Naukri Profile Using Selenium

Recently one of my friend came to me with a problem. He is looking out for new job but he feels quite boring to update  his profile on daily basis. As some people says updating profile in the morning gives you more calls as it keeps the newly updated profile on top (Although i don’t know whether naukri works this way or not 😀 ). As i was more interested to solve his problem.  After listening his problem i came to solution that instead of updating it manually lets make this job automatic. And it is quite interesting how we can automate our daily boring task with automation. Another day i came with the solution . And the solution was to make it automatic using selenium (Those who are not aware about selenium do check this link) In short, Selenium is a Testing automation Framework. And it is for automating web applications for testing purposes, but is certainly not limited to just that. Boring web-based administration tasks can (and should) also be automated as well....
Post a Comment
Read more

OpenCV - Drawing a Circle with python

In this tutorial, I will show you how to draw a circle in OpenCV. OpenCV comes with lots of built-in functions that make our life easier especially when we are working on image processing .  And there is a function called circle in OpenCV which is used to draw a circle. This function takes following parameters: 1. Image : Takes an image object 2. Center : Center point coordinates 3. Radius : Radius of the circle 4. Color : Takes color in BGR format 5. Thickness : By default set to 1 (optional) 6. Line Type : By default set to 8-connected.It can also be  LINE_AA  or  4-connected  (Optional) 7. Shift:  Shifts fractional bits in the point coordinates of center and radius (Optional) Especially when we are creating closed shapes. Thickness plays an important role. Here if the negative thickness is passed in this function or any other function which creates a closed shape(rectangle, polygon, etc). Then it creates a filled shape (filled with color). Negative Thickness Filled Circle Positive ...
Post a Comment
Read more

PS3 - Dragon Ball Z Battle Of Z - RPCS3 Setting

Hi GuyZ, Today, I am going to show you, how to play PS3 games on PC using the RPCS3 Emulator. It is very easy to set up and play PS3 Games. I got to know about this emulator some time ago and I thought I should give it a try . Initially I was not sure that whether it would work or not. But at last, it worked. I found it very easy to set up and play PS3 games . Although this emulator is still in the development stage so you may encounter some errors. I haven’t got any errors. In this tutorial, I am using the PS3 PKG file. This emulator also supports dumping ps3 disc and ISO Images. Prerequisites: RPCS3 Emulator PS3 Update File Microsoft Visual C++ 2019 Redistributable PS3 .pkg and Rap File Important Tip Before downloading any game make sure it comes under the playable section of rpcs3 compatibility. To check which game you can play using RPCS3 click HERE. Games that are showing in the Playable Section are actually the games that are in running state and can be played using RPCS3 E...
Post a Comment
Read more