{"id":3485,"date":"2014-10-28T12:41:00","date_gmt":"2014-10-28T10:41:00","guid":{"rendered":"http:\/\/localhost\/helpcentre\/?p=3485"},"modified":"2025-12-29T15:10:07","modified_gmt":"2025-12-29T13:10:07","slug":"how-to-ensure-that-your-directory-is-securely-protected-via-a-htaccess-file","status":"publish","type":"post","link":"https:\/\/xneelo.co.za\/help-centre\/website\/how-to-ensure-that-your-directory-is-securely-protected-via-a-htaccess-file\/","title":{"rendered":"How to protect a directory via a .htaccess file"},"content":{"rendered":"<p>In order to <b>securely<\/b> protect your directory via a <b>.htaccess<\/b> file on your domain, please make sure that you adhere to the following <b>best practices<\/b>:<\/p>\n<ul>\n<li>If you are using an <b>access control directive<\/b> within a &lt;Limit&gt; section to limit access on specific HTTP methods (e.g. GET, POST), it is recommended to <b>remove the &lt;limit&gt; section<\/b> or to replace it with a &lt;LimitExcept&gt; section.<\/li>\n<li>A &lt;LimitExcept&gt; section should<b> always <\/b>be used in preference to a &lt;Limit&gt; section when restricting access, because a &lt;LimitExcept&gt; section provides <b>protection<\/b> against <b>arbitrary HTTP methods<\/b>.<\/li>\n<\/ul>\n<p>The following <b>example of a non-secure<\/b> configuration applies the access control <b>only<\/b> to the methods POST, PUT, and DELETE, which leaves all other HTTP methods <b>unprotected<\/b>:<\/p>\n<pre>&lt;Limit POST PUT DELETE&gt;\r\nRequire valid-user\r\n&lt;\/Limit&gt;<\/pre>\n<p>The following is an <b>example of a secure<\/b> configuration where the access control is applied to <b>all<\/b> HTTP methods except for POST, PUT, and DELETE. 
This <b>protects against attacks on all other<\/b> HTTP methods:<\/p>\n<pre>&lt;LimitExcept POST PUT DELETE&gt;\r\nRequire valid-user\r\n&lt;\/LimitExcept&gt;<\/pre>\n<p>For more information, kindly visit the following link to the official <b>Apache <\/b>documentation:<\/p>\n<p><a href=\"http:\/\/httpd.apache.org\/docs\/2.2\/mod\/core.html#limit\" target=\"_blank\" rel=\"noopener\">http:\/\/httpd.apache.org\/docs\/2.2\/mod\/core.html#limit<\/a><\/p>\n","protected":false,"plain":"In order to <b>securely<\/b> protect your directory via a <b>.htaccess<\/b> file on your domain, please make sure that you adhere to the following <b>best practices<\/b>:\r\n<ul>\r\n \t<li>If you are using an <b>access control directive<\/b> within a &lt;Limit&gt; section to limit access on specific HTTP methods (e.g. GET, POST), it is recommended to <b>remove the &lt;limit&gt; section<\/b> or to replace it with a &lt;LimitExcept&gt; section.<\/li>\r\n \t<li>A &lt;LimitExcept&gt; section should<b> always <\/b>be used in preference to a &lt;Limit&gt; section when restricting access, because a &lt;LimitExcept&gt; section provides <b>protection<\/b> against <b>arbitrary HTTP methods<\/b>.<\/li>\r\n<\/ul>\r\nThe following <b>example of a non-secure<\/b> configuration applies the access control <b>only<\/b> to the methods POST, PUT, and DELETE, which leaves all other HTTP methods <b>unprotected<\/b>:\r\n<pre>&lt;Limit POST PUT DELETE&gt;\r\nRequire valid-user\r\n&lt;\/Limit&gt;<\/pre>\r\nThe following is an <b>example of a secure<\/b> configuration where the access control is applied to <b>all<\/b> HTTP methods except for POST, PUT, and DELETE. 
This <b>protects against attacks on all other<\/b> HTTP methods:\r\n<pre>&lt;LimitExcept POST PUT DELETE&gt;\r\nRequire valid-user\r\n&lt;\/LimitExcept&gt;<\/pre>\r\nFor more information, kindly visit the following link to the official <b>Apache <\/b>documentation:\r\n\r\n<a href=\"http:\/\/httpd.apache.org\/docs\/2.2\/mod\/core.html#limit\" target=\"_blank\" rel=\"noopener\">http:\/\/httpd.apache.org\/docs\/2.2\/mod\/core.html#limit<\/a>"},"excerpt":{"rendered":"<p>Our Help Centre article provides a step-by-step guide to help you securely protect your directory via a .htaccess file on your domain. <\/p>\n","protected":false},"author":7,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"lsx_disable_title":"0","_relevanssi_hide_post":"","_relevanssi_hide_content":"","_relevanssi_pin_for_all":"","_relevanssi_pin_keywords":"","_relevanssi_unpin_keywords":"","_relevanssi_related_keywords":"","_relevanssi_related_include_ids":"","_relevanssi_related_exclude_ids":"","_relevanssi_related_no_append":"","_relevanssi_related_not_related":"","_relevanssi_related_posts":"","_relevanssi_noindex_reason":"","footnotes":""},"categories":[166,188],"tags":[11262],"topics":[10377],"class_list":["post-3485","post","type-post","status-publish","format-standard","hentry","category-website","category-website-security","tag-htaccess","topics-website-security"],"acf":[],"additional_meta":{"category_title":[{"term_id":166,"name":"Website","slug":"website","term_group":0,"term_taxonomy_id":166,"taxonomy":"category","description":"About your Website(s)","parent":0,"count":169,"filter":"raw","term_order":"120","cat_ID":166,"category_count":169,"category_description":"About your Website(s)","cat_name":"Website","category_nicename":"website","category_parent":0},{"term_id":188,"name":"Website 
Security","slug":"website-security","term_group":0,"term_taxonomy_id":188,"taxonomy":"category","description":"Securing your website","parent":168,"count":15,"filter":"raw","term_order":"122","cat_ID":188,"category_count":15,"category_description":"Securing your website","cat_name":"Website Security","category_nicename":"website-security","category_parent":168}],"tag_title":[{"term_id":11262,"name":"htaccess","slug":"htaccess","term_group":0,"term_taxonomy_id":11262,"taxonomy":"post_tag","description":"","parent":0,"count":3,"filter":"raw","term_order":"2600"}]},"featured_image_src":null,"author_info":{"display_name":"marketing","author_link":"https:\/\/xneelo.co.za\/help-centre\/author\/marketing\/","author_avatar":"https:\/\/secure.gravatar.com\/avatar\/a6ea315e112423b2b955cb020fbce2b0835956c6ad85ff0f13f1db298977eaaa?s=96&d=mm&r=g"},"_links":{"self":[{"href":"https:\/\/xneelo.co.za\/help-centre\/wp-json\/wp\/v2\/posts\/3485","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/xneelo.co.za\/help-centre\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/xneelo.co.za\/help-centre\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/xneelo.co.za\/help-centre\/wp-json\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/xneelo.co.za\/help-centre\/wp-json\/wp\/v2\/comments?post=3485"}],"version-history":[{"count":0,"href":"https:\/\/xneelo.co.za\/help-centre\/wp-json\/wp\/v2\/posts\/3485\/revisions"}],"wp:attachment":[{"href":"https:\/\/xneelo.co.za\/help-centre\/wp-json\/wp\/v2\/media?parent=3485"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/xneelo.co.za\/help-centre\/wp-json\/wp\/v2\/categories?post=3485"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/xneelo.co.za\/help-centre\/wp-json\/wp\/v2\/tags?post=3485"},{"taxonomy":"topics","embeddable":true,"href":"https:\/\/xneelo.co.za\/help-centre\/wp-json\/wp\/v2\/topics?post=3485"}],"curies":[{"name":"wp","href":"https:\
/\/api.w.org\/{rel}","templated":true}]}}