Web Servers on Unix and Linux - .htaccess prevents itself from being viewed but not "sess*" files in directo

This is Interesting: Free IT Magazines  
Home > Archive > Web Servers on Unix and Linux > December 2006 > .htaccess prevents itself from being viewed but not "sess*" files in directo





You are viewing an archived Text-only version of the thread. To view this thread in it's original format and/or if you want to reply to this thread please [click here]

Author .htaccess prevents itself from being viewed but not "sess*" files in directo
phillip.s.powell@gmail.com

2006-12-05, 7:18 pm


<Directory />
Options -Indexes
</Directory>

<Files ~ "^\.ht">
order allow,deny
deny from all
</Files>

<Files ~ "^sess[a-zA-Z0-9\-_\.]*$">
order allow,deny
deny from all
</Files>


This is designed to prevent itself, all files beginning with "sess" and
the directory listing from being viewed.

Right now I get the expected 403 Forbidden if I try to view the
directory listing and if I try to view .htaccess itself via browser,
however, when I try to view any file beginning with "sess" it lets me
view it though it's not supposed to do so.

I tried every known regular expression pattern onto "sess" and all
failed to block. Is there something else I need to do to prevent
"sess" files from being blocked? They are php session files and I
don't really have any control over permission settings for these files
else I would not bother with .htaccess

Thanx
Phil

Sponsored Links






Free braindumps | Software forum | Database administration forum

Copyright 2003 - 2008 webservertalk.com