deny access to .bash_profile .bashrc .bash_history apache

Hello all,

You would have come across a situation where you had pointed the website to user’s home directory, where the user’s default files like .bash_profile .bashrc .bash_logout and .bash_history will be accessible from browser, which is a security drawback. We can deny access to those files by adding the below configuration file either in main httpd.conf file or virtualhost configuration just below DocumentRoot directive for the respective domains. This will deny access to web clients from viewing the contents of any filename that starts with .bash

       <Files ~ "^\.bash">
            Order allow,deny
            Deny from all
            Satisfy All

Thanks for viewing

Leave a Reply

Protected by WP Anti Spam