Deny Access to Hidden Files and Directories with Apache .htaccess

View all our .htaccess Cheatsheet snippets here

Hidden files and directories (those whose names start with a dot .) should most, if not all, of the time be secured. For example: .htaccess, .htpasswd, .git, .hg...

RewriteCond %{SCRIPT_FILENAME} -d [OR]
RewriteCond %{SCRIPT_FILENAME} -f
RewriteRule "(^|/)\." - [F]

Alternatively, you can just raise a Not Found error, giving the attacker dude no clue:

RedirectMatch 404 /\..*$

Remember that for most rules you must have the RewriteEngine on rule in your .htaccess file!!!

Please remember to double check and verify any rules that you use. If you do not understand a rule please consult someone who does. Or if you are new, please take time to learn the basics of .htaccess. We accept no responsibility for your use of these rules - use them at your own risk. Please get in touch if you want us to add a rule!

This website is 100% free and one of the fastest loading .htaccess cheatsheet webpages on the web. It is all on one page, and optimised to help it quickly load and for you to easily find the .htaccess rules you need. Please get in touch if you have any questions.

If you use this please consider linking back to https://htaccesscheatsheet.com/

Based heavily (on its first version) from phanan/htaccess.

Snippets with specified source belong to their respective owners and have their own license(s), whenever appropriate.

Other content belongs to the public domain. Refer to Unlicense for more information.

Home • Contact/About us • Terms and Conditions • We do not set any cookies on our website. Please refer to our privacy policy for more details about our cookies.