.htaccess File Detected

Severity: Information

Invicti detected an exposed .htaccess file.


.htaccess files are configuration files for the Apache web server that can be used to override certain server configuration options on a per-directory basis using a human readable file.

If their contents are exposed, attackers can gain valuable insight into your server configuration and may read sensitive data can aid them in further attacks.

  • Make sure that .htaccess files are not readable when you directly access them via your web browser.
  • If possible try to apply the configuration options within the virtual host configuration file and deactivate the possibility of using .htaccess files.
    • This will not only enhance performance
    • Additionally it is more secure and helps to avoid situations where an attacker can upload their own .htaccess file to the server.

Build your resistance to threats. And save hundreds of hours each month.

Get a demo See how it works