We are going to see several examples of how to prevent access to files on our server.
For example, if when trying to access http://www.yourdomain.com/.htaccess you do not receive a “Forbidden“, it means that these types of files are not protected from access in your server settings. To fix this, edit (if it already exists) or create an .htaccess file in the root directory of your webspace with the following lines inside:
<Files .htaccess>
Order allow,deny
Deny from all
</Files>
In the same way you can block access to any other file:
<Files secretfile.txt>
Order allow,deny
Deny from all
</Files>
Note: This would affect any file with the name “secretfile.txt” that is on the server.
Additionally, using the FilesMatch directive, you can protect files with certain extensions:
<FilesMatch "\.(htaccess|htpasswd|ini|phps|log|bak|txt)$">
Order Allow,Deny
Deny from all
</FilesMatch>