On Sat, 2007-02-10 at 18:16 +0530, ankush grover wrote: > hi friends, > > I have configured a HelpDesk Ticketing System on Fedora Core 5. The > problem I am facing is that there is a file called "site.xml" which > contains the information about database connections and I don't want > ppl to be able to read that file through browser. As per the > readme.htm of that software if the below entries will be put > in .htaccess then nobody can read the xml through browser. > > <Files ~ ".xml"> > Order allow,deny > Deny from all > Satisfy All > </Files> > > > Even though the above entries are there in .htaccess still I am able > to read "site.xml" file. How do I prevent the reading of this file ? First I would suggest fixing the broken web app so that connection information such as you file does not need to be stored in a directory that is served by apache. If you can't do that, are you sure your apache is configured to respect a .htaccess file? You might also want to change the order to deny,allow It's been awhile since I did anything with apache, but check the logs to see if there are any errors parsing the .htaccess file. Can you change the name of the xml file to .site.xml ? If I recall, apache doesn't serve files that start with a .
