• Resolved Daniram

    (@daniram)


    Hello,

    after hardening a new site of mine, I noticed that the .htaccess file in the “uploads” folder contains this:

    <FilesMatch "\.(?i:php)$">
      <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
      </IfModule>
      <IfModule mod_authz_core.c>
        Require all denied
      </IfModule>
    </FilesMatch>

    while in another “uploads” folder of another (older) site of mine the .htaccess contains the following:

    <Files *.php>
    deny from all
    </Files>

    Is this normal, or has one of my sites' Sucuri plugin been hacked/modified?
    If normal, should I re-harden all of the older sites? And what are the benefits/improvements of doing this?

    Thanks

    https://www.ads-software.com/plugins/sucuri-scanner/

Viewing 1 replies (of 1 total)
  • It is normal; please re-harden those directories from the old sites. The code that you show in the second panel only works in Apache 2.2 or lower, while the code that you show in the first panel works in Apache 2.4 and (hopefully) greater. Additionally, the old code was targeting files with the extension “.php”, but files in upper case or mixed characters like “.Php”, “.PHP”, or “.pHp” were not being protected. The new code protects any file with the PHP extension no matter the character case.
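
The case-sensitivity difference described in the reply, together with a way to find which "uploads" folders still carry the old rule, as an added example that is not part of the thread or the plugin's own code. It models `<Files *.php>` as a case-sensitive wildcard match (an assumption that applies on case-sensitive filesystems); the function names and the directory walk are hypothetical.

```python
import fnmatch
import os
import re

# Constructed copies of the two rule sets quoted in the thread.
LEGACY = "<Files *.php>\ndeny from all\n</Files>\n"
CURRENT = (
    '<FilesMatch "\\.(?i:php)$">\n'
    "  <IfModule !mod_authz_core.c>\n"
    "    Order allow,deny\n    Deny from all\n  </IfModule>\n"
    "  <IfModule mod_authz_core.c>\n"
    "    Require all denied\n  </IfModule>\n"
    "</FilesMatch>\n"
)

def legacy_blocks(name):
    # <Files *.php>: modelled as a case-sensitive wildcard match (assumption).
    return fnmatch.fnmatchcase(name, "*.php")

def current_blocks(name):
    # <FilesMatch "\.(?i:php)$">: regex search with a case-insensitive group.
    return re.search(r"\.(?i:php)$", name) is not None

def classify_htaccess(text):
    """Return 'current', 'legacy' or 'none' for an .htaccess body."""
    # Drop comment lines so a commented-out rule is not counted.
    body = "\n".join(line.strip() for line in text.splitlines()
                     if not line.strip().startswith("#"))
    if ('<FilesMatch "\\.(?i:php)$">' in body
            and re.search(r"Require\s+all\s+denied", body, re.I)):
        return "current"
    if (re.search(r"<Files\s+\*\.php>", body, re.I)
            and re.search(r"deny\s+from\s+all", body, re.I)):
        return "legacy"
    return "none"

def audit(root):
    """Map every directory named 'uploads' under root to its rule status."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        if os.path.basename(dirpath) != "uploads":
            continue
        status = "none"
        if ".htaccess" in files:
            path = os.path.join(dirpath, ".htaccess")
            with open(path, encoding="utf-8", errors="replace") as fh:
                status = classify_htaccess(fh.read())
        report[dirpath] = status
    return report
```

Calling `audit()` on the directory that holds the sites returns one entry per "uploads" folder; any folder reported as `legacy` or `none` is a candidate for re-hardening.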

  • The topic ‘Changes in .htaccess’ is closed to new replies.