[CentOS] How to prevent reading of an xml in a particular directory from browser in apache on Centos4.4

Mon Feb 12 03:32:33 UTC 2007
Jim Perrin <jperrin at gmail.com>

> Even though the above entries are there in .htaccess still I am able
> to read "site.xml" file. How do I prevent the reading of this file ?

.htaccess files are only good if you're allowing them via the
AllowOverrides option in your httpd.conf. By default this option is
off, and if you have administrative access to the box it should stay
that way, as using .htaccess files will cause a (slight) performance
hit.

You don't really need the satisfy statement there either. I'd create a
helpdesk.conf file in /etc/httpd/conf.d/ with:

<Directory "/var/www/html/request">
  <Files "site.xml">
   Order allow,deny
   Deny from all
  </Files>
#other directory wide modifications, custom 404, etc.
</Directory>

If all you're protecting is that one file, you don't really need the
~, as that enables full regex matching, which should really be done
with FilesMatch

Alternatively if you really want to block all xml files, use this:

<Files  ~ "\.xml$">



-- 
During times of universal deceit, telling the truth becomes a revolutionary act.
George Orwell