Prerequisites
- Access to your server's .htaccess file or equivalent configuration file for web servers like Apache or NGINX.
- Basic understanding of rewrite rules and file permissions.
- Administrator access to your cPanel or SSH access for direct file manipulation.
Why Block Dot (.) Files?
Dot (.) files are often configuration files or hidden files that contain sensitive data. Allowing public access to these files via URLs (e.g., domain.com/.file) can expose your server to security risks. Blocking access to these files ensures that unauthorized users cannot view or download them.
Method 1: Block Dot Files Using .htaccess
The simplest way to block access to dot (.) files in Apache is by using rewrite rules in your .htaccess file:
RewriteEngine On
RewriteRule (^\.|/\.) - [R=406,L]
Steps to Add This Rule:
- Log in to your cPanel and go to File Manager.
- Navigate to your site's public_html directory (or the document root).
- If you cannot see the .htaccess file, click on the Settings button in File Manager and enable Show Hidden Files (dotfiles).
- Open or create the .htaccess file and add the following lines:
RewriteEngine On
RewriteRule (^\.|/\.) - [R=406,L]
- Save and close the file.
Gotchas to Avoid
- Ensure that your server has the mod_rewrite module enabled. Without it, rewrite rules in the .htaccess file will not function.
- Be careful not to disrupt files the server itself depends on (e.g., .htaccess, .htpasswd). Apache reads these from the filesystem, not over HTTP, so denying their URLs is safe and intended; a rule that rewrites or moves them is not.
Method 2: Blocking Dot Files via NGINX
If you're using NGINX as your web server, you can block access to dot (.) files by adding the following rule to your server block configuration:
location ~ /\. {
    deny all;
    access_log off;
    log_not_found off;
}
Steps for NGINX Configuration:
- Log in to your server via SSH.
- Open your NGINX configuration file (usually located at /etc/nginx/nginx.conf or in the site-specific config file inside /etc/nginx/sites-available/).
- Add the following block:
location ~ /\. {
    deny all;
    access_log off;
    log_not_found off;
}
- Save the file and restart NGINX:
sudo systemctl restart nginx
Gotchas to Avoid
- Make sure the NGINX location block does not also catch legitimate files: location ~ /\. matches any path segment that begins with a dot, in every subdirectory of the site.
- Test the configuration (sudo nginx -t) before restarting, so a syntax error does not take the site down, and then confirm that the pages and assets you expect to serve are still reachable.
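The Apache and NGINX rules above both match any path segment that begins with a dot, at any depth. The script below is an added example and not part of this guide: is_dotfile_path mirrors that matching so you can see which request paths would be blocked, check_sample_paths runs it over a few constructed paths (including /.well-known/, which ACME HTTP-01 certificate validation uses and which these rules also catch), and probe_site uses curl against a live host to confirm that dot-file URLs no longer return 200. The function names and sample paths are my own.

```shell
#!/bin/sh
# Added example (not from the original guide). Function and sample names are
# constructed for illustration.

# Return 0 when PATH would be caught by either rule:
#   Apache: RewriteRule (^\.|/\.) - [R=406,L]
#   NGINX:  location ~ /\. { deny all; }
# Both match a "." at the start of any path segment, at any depth.
is_dotfile_path() {
    case "$1" in
        .*|*/.*) return 0 ;;
        *)       return 1 ;;
    esac
}

# Classify a few constructed request paths. Note that /.well-known/ (used by
# ACME HTTP-01 certificate validation) is blocked too; exempt it explicitly
# if you rely on it, e.g. NGINX: location ~ /\.(?!well-known) { deny all; }
check_sample_paths() {
    for p in /.env /.git/config /wp-content/.htaccess \
             /.well-known/acme-challenge/token /notes.txt /assets/style.css; do
        if is_dotfile_path "$p"; then
            echo "BLOCKED $p"
        else
            echo "allowed $p"
        fi
    done
}

# Live check: fetch each path from a base URL and report any that still
# returns HTTP 200. Returns 1 if at least one dot-file URL is served.
# usage: probe_site https://staging.example.com /.env /.git/config
probe_site() {
    base=$1; shift
    rc=0
    for p in "$@"; do
        code=$(curl -s -o /dev/null -w '%{http_code}' "$base$p")
        if [ "$code" = "200" ]; then
            echo "EXPOSED $base$p ($code)"
            rc=1
        else
            echo "ok      $base$p ($code)"
        fi
    done
    return $rc
}
```

Run probe_site against your own host once the rule is in place; an EXPOSED line means the rule is not taking effect for that path.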
Method 3: Block Access Using File Permissions (Linux)
Another approach is to adjust file permissions so that these dot (.) files cannot be accessed by unauthorized users.
Steps for Changing File Permissions:
- Log in to your server via SSH.
- Navigate to the directory containing the dot (.) files you want to protect.
- Set file permissions to restrict access. For example, to deny public access:
chmod 600 .filename
This sets the file to be readable and writable only by the owner.
Gotchas to Avoid
- Ensure the file owner (typically the web server user) still has the necessary permissions to access these files.
- Permissions can vary by server setup, so use ls -l to check permissions before making changes.
Blocking access to dot (.) files is an essential security measure to prevent unauthorized access to hidden or sensitive files on your server. Whether you use .htaccess, NGINX configuration, or file permissions, ensuring that these files are not publicly accessible will improve your site's security posture.
Linux Command to Check Access Permissions
To verify access permissions for dot files, use the following command:
ls -la | grep ' \.'
This lists the dot files in the current directory (the entries whose name begins with a dot) along with their access permissions. The pattern is quoted so the shell passes it to grep unchanged; an unquoted ^\. would be collapsed to ^. and match every line. The . and .. entries appear in the output as well and can be ignored.