Thread: .htaccess prevents itself from being viewed but not "sess*" files in directory
View Single Post

  #2 (permalink)  
Old 12-06-2006
HansH
 
Posts: n/a
Default Re: .htaccess prevents itself from being viewed but not "sess*" files in directory
<phillip.s.powell@gmail.com> schreef in bericht
news:1165360511.201238.220110@l12g2000cwl.googlegr oups.com...
> <Directory />
> Options -Indexes
> </Directory>
>
> <Files ~ "^\.ht">
> order allow,deny
> deny from all
> </Files>
Odd you have do set this yourself, should be in httpd.conf.

> <Files ~ "^sess[a-zA-Z0-9\-_\.]*$">
Try <Files ~ "^sess[a-zA-Z0-9\-_,]*$">
See 'session.hash_bits_per_character' at
http://www.php.net/manual/en/ref.session.php

> order allow,deny
> deny from all
> </Files>

> This is designed to prevent itself, all files beginning with "sess" and
> the directory listing from being viewed.
Your session.save_path in php.ini should be set _outside_ the document tree

HansH