How to protect a directory via a .htaccess file

To protect a directory on your domain with a .htaccess file, make sure you follow these best practices:

  • If you are using an access control directive inside a <Limit> section to restrict access for specific HTTP methods only (e.g. GET, POST), it is recommended to remove the <Limit> section altogether or to replace it with a <LimitExcept> section.
  • A <LimitExcept> section should always be used in preference to a <Limit> section when restricting access, because a <LimitExcept> section also covers any HTTP method that is not explicitly listed, including arbitrary or non-standard method names.

The following example of a non-secure configuration applies the access control only to the methods POST, PUT, and DELETE, which leaves every other HTTP method (GET, HEAD, OPTIONS, and any other method name a client sends) unprotected:

<Limit POST PUT DELETE>
Require valid-user
</Limit>

The following is an example of a secure configuration where the access control is applied to all HTTP methods except for POST, PUT, and DELETE. Because any method that is not listed falls under the restriction, this protects against attacks that use other or unexpected HTTP methods:

<LimitExcept POST PUT DELETE>
Require valid-user
</LimitExcept>
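As an added example that is not part of the original article, the following complete .htaccess follows the first recommendation above: the <Limit> section is removed entirely, so the Require directive applies to every HTTP method. The AuthType, AuthName and AuthUserFile directives are needed for Require valid-user to work at all (without them Apache answers with a 500 error); the password file path is a placeholder, and the enclosing directory's AllowOverride setting must permit AuthConfig and Limit for the file to be honoured.

```apache
# Added example: HTTP Basic authentication for the whole directory.
# The AuthUserFile path is a placeholder; keep the password file
# outside the web root so it can never be served to a client.
AuthType Basic
AuthName "Restricted area"
AuthUserFile /path/to/.htpasswd

# No <Limit> wrapper around this directive: it applies to GET, POST,
# HEAD, PUT, DELETE, OPTIONS and any other method name a client sends.
Require valid-user
```

If some methods must intentionally remain open to anonymous clients, wrap the Require directive in a <LimitExcept> section that names only those open methods (for example <LimitExcept GET HEAD> for a read-only public area); every method not named, including unknown ones, then stays protected. Never put the protected methods into a <Limit> list, since anything missing from that list is left open.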

For more information, see the official Apache documentation:

http://httpd.apache.org/docs/2.2/mod/core.html#limit