If I enable Directory index to browse folder in my website without index file, the htaccess file are viewable and downloadable. Why htaccess are viewable ? If I disable directory index, it it not viewable but still can be downloaded. Example, go to http://www.filewebload.com/download/.htaccess . I'm using Lxadmin with lighttp
My Apache conf files has these lines that prevent access: # # AccessFileName: The name of the file to look for in each directory # for access control information. # AccessFileName .htaccess # # The following lines prevent .htaccess files from being viewed by # Web clients. Since .htaccess files often contain authorization # information, access is disallowed for security reasons. Comment # these lines out if you want Web visitors to see the contents of # .htaccess files. If you change the AccessFileName directive above, # be sure to make the corresponding changes here. # # Also, folks tend to use names such as .htpasswd for password # files, so this will protect those as well. # <Files ~ "^\.([Hh][Tt]|[Dd][Ss]_[Ss])"> Order allow,deny Deny from all Satisfy All </Files> Code (markup): But a lot of that is because I am on a Mac. On Linux or Unix you could change the <Files line to this instead: <Files ~ "^\.ht"> Code (markup):