Ok, I made my changes to /www/zendphp7/conf/httpd.conf and added
# protect .htaccess
<Files ~ "^.*\.([Hh][Tt][Aa])">
Order allow,deny
Deny from all
Satisfy all
as per: https://htaccessbook.com/protect-htaccess-files/

Before the change I could go to http://gdisys:10081/.htaccess and it would
display the contents of the file.
After the change (and bouncing that server with the httpadmin website) I
Forbidden - by rule.
You do not have permission to access /.htaccess on this server.

curl http://gdisys:10081/.htaccess
<TITLE>403 Forbidden</TITLE>
Forbidden - by rule.
<P>You do not have permission to access /.htaccess
on this server.<br />

curl http://gdisys:10081/Zend5250Emulator/.htaccess
still dumps the contents of the file. Perhaps there are options with curl
which say if at first you don't succeed with http try other protocols (or
some such thing).

Hopefully this will work with the Qualys audits.?.

Rob Berendt

As an Amazon Associate we earn from qualifying purchases.

This thread ...


Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2022 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.