Your website may contain many different types of files. Some are obvious, such as html and php files, but there are also image files (jpg, gif, png) and initialization files (ini) files. If you do not take measures to prevent direct access, a visitor can simply type the path of the file and view it. For example, if there are two files named start.ini and config.ini that house configuration settings, a person can type example.com/start.ini or example.com/config.ini in their browser and view the text of the files.

This may not be a big deal for image files, but viewing log files and ini files can be dangerous. Preventing access to the .ini file type in the .htaccess file will simply give them an access denied error when trying to view the files. Follow the steps below to prevent access to specific file types via your .htaccess file.

How to prevent access to certain file types using .htaccess

  1. Log into your cPanel dashboard.
  2. Locate the Files category on the right-hand panel. From there click on the File Manager icon.
    select file manager icon
  3. A popupbox will appear for you to choose which directory you want to begin in. For the primary domain, simply click on the Web Root radio button. For addon or subdomains, click on the radio button next to the dropdown labeled Document Root for: and choose the desired option. Ensure the checkbox next to Show Hidden Files (dotfiles) is checked as the .htaccess is a hidden file. Click on the Go button to continue.
    choose landing directory
  4. This leads you to your chosen folder. From here, look through the right-hand panel to find your .htaccess file. Click on the file name to highlight the file and then click on the Edit icon found in the toolbar across the top of the page.
    select file editor
  5. Youare now in the .htaccess file editor where you will insert the code. Copy and paste the code below into the .htaccess file at the top. You will notice the first line contains a list of common file types (htaccess, htpasswd, ini, psd, log, sh). Feel free to add additional file types or remove any you do not want to block. Be sure to use | in between file types to separate them.

    <FilesMatch "\.(htaccess|htpasswd|ini|psd|log|sh)$">
    Order Allow,Deny
    Deny from all
    </FilesMatch>
  6. Once you have inserted the code and edited it for the file types you wish to block, click on the Save Changes button to activate the new code. Below is a before and after sample of a file named start.ini and how it would display with the code inserted.
    BeforeAfter
    before block code after block code inserted


Did you find this article helpful?

We value your feedback!

Why was this article not helpful? (Check all that apply)
The article is too difficult or too technical to follow.
There is a step or detail missing from the instructions.
The information is incorrect or out-of-date.
It does not resolve the question/problem I have.
How did you find this article?
Please tell us how we can improve our Help Center:
Email Address
Optional, but our team may contact you for more information.
Did you find this article helpful?

Post a Comment

Name:
Email Address:
Comment:
Are you a bot?
Submit

Please note: Your name and comment will be displayed, but we will not show your email address.

News / Announcements

Update to SSL Certificates - Certificate Warnings
2014-04-14 10:38 am EST
Hits: 710

Related Questions

Here are a few questions related to this article that our customers have asked:
Ooops! It looks like there are no questions about this page.
Would you like to ask a question about this page? If so, click the button below!

Help Center Search

Current Customers

Email: support@WebHostingHub.com Ticket: Submit a Support Ticket
Call: 877-595-4HUB (4482)
757-416-6627 (Intl.)
Chat: Click To Chat Now

Ask the Community

Get help with your questions from our community of like-minded hosting users and Web Hosting Hub Staff.

Not a Customer?

Get web hosting from a company that is here to help.