Hi there,

PCI scanning reports the below issue for my Joomla site:

"It is possible to retrieve file backups from the remote web server"

I've checked it manually by accessing http://site.com/component/user/~

Basically it does not throw a 404 error while accessing http://site.com/component/user/~

I want to throw a 404 error or redirect to the home page while accessing any directory using ~

So what I have tried is to add the below line in my .htaccess:

    RewriteCond %{REQUEST_URI} ![~]$ [NC]

However this does not work. Can any Joomla/Apache expert please advise if there is any other way to fix this, or if the above command is correct and where exactly it should be placed? I've tried putting this under the root directory and under the /joomla/components/mod_user directory. This is in shared hosting.

Thanks.
Hmmmm, probably the best way to solve this would be to ask your host to put a <LocationMatch> directive into your site's vhost configuration to deny access to any URL ending in a tilde (~).

If you (or they) are not able to do that, try adding the following rule above your other RewriteRule or RewriteCond lines in your .htaccess file:

    RewriteRule \~$ - [F]

For example:

    RewriteEngine On
    RewriteBase /
    RewriteRule \~$ - [F]
    [other rules go here]

(obviously, the exact layout will depend on your current .htaccess file)

I don't have a Joomla site to test this one, but I tested it on a WordPress and a generic site so it should work fine.
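
A small linter for the placement advice in the answer above, as an added example that is not part of the original thread: it checks that an .htaccess file contains a RewriteRule forbidding paths ending in ~, that this rule comes before any other RewriteRule, and that no RewriteCond gates it. The function names and the probe paths are assumptions made for this example.

```python
import re

# Constructed probe paths, as mod_rewrite sees them in .htaccess (no leading slash).
PROBE_PATHS = ["component/user/~", "index.php~", "configuration.php~"]

def rewrite_lines(text):
    """Yield (line_number, directive, args) for RewriteCond/RewriteRule lines."""
    for n, raw in enumerate(text.splitlines(), 1):
        parts = raw.strip().split()
        if parts and parts[0].lower() in ("rewritecond", "rewriterule"):
            yield n, parts[0].lower(), parts[1:]

def is_tilde_deny(args):
    """True if a RewriteRule's args forbid ([F]) every probe path."""
    if len(args) < 3 or args[1] != "-":
        return False
    flags = {f.strip().upper() for f in args[2].strip("[]").split(",")}
    if not flags & {"F", "FORBIDDEN"}:
        return False
    try:
        rx = re.compile(args[0], re.I if flags & {"NC", "NOCASE"} else 0)
    except re.error:
        return False
    return all(rx.search(p) for p in PROBE_PATHS)

def check_htaccess(text):
    """Return a list of findings; an empty list means the rule is present and first."""
    findings, pending_conds, rules_seen, found = [], 0, 0, False
    for n, directive, args in rewrite_lines(text):
        if directive == "rewritecond":
            pending_conds += 1  # conditions attach to the next RewriteRule
            continue
        if is_tilde_deny(args):
            found = True
            if rules_seen:
                findings.append(f"line {n}: tilde rule is not the first RewriteRule")
            if pending_conds:
                findings.append(f"line {n}: tilde rule is gated by a RewriteCond")
        rules_seen += 1
        pending_conds = 0
    if pending_conds:
        findings.append("RewriteCond has no RewriteRule after it, so it does nothing")
    if not found:
        findings.append("no RewriteRule forbids paths ending in ~")
    return findings

if __name__ == "__main__":
    # Constructed sample matching the layout shown in the answer.
    good = "RewriteEngine On\nRewriteBase /\nRewriteRule \\~$ - [F]\nRewriteRule .* index.php [L]\n"
    print(check_htaccess(good))
```

Run against a file that holds only the RewriteCond line from the question, it reports both that the condition has no rule to attach to and that no deny rule exists.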