Application security encompasses measures taken throughout the application's life-cycle to prevent exceptions in the security policy of an application or the underlying system (vulnerabilities) through flaws in the design, development, deployment, upgrade, or maintenance of the application.

Monday, August 6, 2012

What is .htaccess file?

Hypertext Access, commonly shortened to htaccess, is a configuration file that controls the directory it is placed in and all the subdirectories underneath it. It is used on Apache-based web servers to control many features of the server. The file itself is just a small plain-text file and can be edited via your host's file manager; alternatively, you can download the file, edit it and re-upload it.

If you have installed a script before then chances are you have had to edit the .htaccess file at one point or another. The .htaccess file gives you a lot of control and lets you easily redirect pages, password protect directories and much more.
 
 
Where is the .htaccess file?

The first thing you need to do is find out if your host actually lets you edit .htaccess files. Because of security problems which can arise, many hosts stop their customers from editing the .htaccess file. Therefore you should check the Frequently Asked Questions area of your host to see if you have permission to edit the file (failing that, email them).

Some operating systems may not show the .htaccess file on your computer, so you may need to change your settings to show hidden files. Likewise, some FTP clients will not show the .htaccess file when you connect to your host, so make sure your FTP client is set up to show hidden files too (I personally use FileZilla and that shows .htaccess by default).

Configurations possible using the .htaccess file:

  1. Custom error messages
  2. Redirects
  3. Password protection
  4. Deny visitors by IP address
  5. Deny visitors by referrer
  6. Hot link prevention techniques
  7. Blocking offline browsers and 'bad bots'
  8. DirectoryIndex uses
  9. Adding MIME types
  10. Enable SSI with .htaccess
  11. Enable CGI outside of the cgi-bin
  12. Disable directory listings
  13. Setting server timezone
  14. Changing server signature
  15. Preventing access to your PHP includes files
  16. Prevent access to php.ini
  17. Forcing scripts to display as source code
  18. Ensuring media files are downloaded instead of played
  19. Setting up Associations for Encoded Files
  20. Preventing requests with invalid characters
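
To show what several of the listed settings look like together, here is an added example that is not part of the original post: a constructed .htaccess file in Apache 2.4 syntax. The error page path, the .inc extension, the media extensions and the IP range are assumptions chosen for illustration.

```apache
# Constructed example .htaccess (Apache 2.4 syntax). Paths, file extensions
# and the IP range below are placeholders, not values from the original post.

# Custom error message: serve a site page for 404s (hypothetical path)
ErrorDocument 404 /errors/not-found.html

# Disable directory listings
Options -Indexes

# DirectoryIndex: files to serve when a directory is requested
DirectoryIndex index.html index.php

# Changing server signature: remove the version footer from
# server-generated pages such as error documents
ServerSignature Off

# Prevent access to php.ini
<Files "php.ini">
    Require all denied
</Files>

# Prevent access to PHP include files (assumes they use the .inc extension)
<FilesMatch "\.inc$">
    Require all denied
</FilesMatch>

# Deny visitors by IP address (203.0.113.0/24 is a documentation range)
<RequireAll>
    Require all granted
    Require not ip 203.0.113.0/24
</RequireAll>

# Ensure media files are downloaded instead of played (needs mod_headers)
<FilesMatch "\.(mp3|mp4|avi)$">
    Header set Content-Disposition attachment
</FilesMatch>
```

These directives only take effect if the host's AllowOverride setting permits them for the directory. By default, a directive that is not permitted in .htaccess makes Apache answer requests for that directory with a 500 Internal Server Error, so test each change after uploading.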
