Ok, I made my changes to /www/zendphp7/conf/httpd.conf and added
# protect .htaccess
<Files ~ "^.*\.([Hh][Tt][Aa])">
Order allow,deny
Deny from all
Satisfy all
</Files>
as per:
https://htaccessbook.com/protect-htaccess-files/
Before the change I could go to
http://gdisys:10081/.htaccess and it would
display the contents of the file.
After the change (and bouncing that server with the httpadmin website) I
get
Forbidden
Forbidden - by rule.
You do not have permission to access /.htaccess on this server.
QSH
curl http://gdisys:10081/.htaccess
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>403 Forbidden</TITLE>
</HEAD><BODY>
<H1>Forbidden</H1>
Forbidden - by rule.
<P>You do not have permission to access /.htaccess
on this server.<br />
</body></html>
$
However
curl
http://gdisys:10081/Zend5250Emulator/.htaccess
still dumps the contents of the file. Perhaps there are options with curl
which say if at first you don't succeed with http try other protocols (or
some such thing).
Hopefully this will work with the Qualys audits.?.
Rob Berendt
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact
[javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.