Scott Silva wrote:
ankush grover spake the following on 2/10/2007 2:11 AM:
hi friends,
I have configured a HelpDesk Ticketing System on Centos4.4. The problem I am facing is that there is a file called "site.xml" which contains the information about database connections and I don't want ppl to be able to read that file through browser. As per the readme.htm of that software if the below entries will be put in .htaccess then nobody can read the xml through browser.
<Files ~ ".xml"> Order allow,deny Deny from all Satisfy All
</Files>
Even though the above entries are there in .htaccess still I am able to read "site.xml" file. How do I prevent the reading of this file ?
HelpDesk Ticketing Software is under /var/www/html/request and .htaccess is also under /var/www/html/request.
Please let me know if you need any further information.
Did you try to chown to root:root and chmod to 600? That should keep apache from reading the file.
Since it is a web application, that would also keep the application from reading its own configuration file...
Putting the restriction in a conf file in /etc/httpd/conf.c is the cleanest way to handle this.