Its been a long time since I've needed to crack open an .htaccess file...
What is the simplest way to 40x prevent access to a specific file extension though out the entire site?
+1
A:
<FilesMatch "\.ext$">
Deny from all
</FilesMatch>
See the Apache documentation on FilesMatch and Deny
EDIT: Artefacto makes a good point, this will return 403, not 404, if that's important for your purposes
Michael Mrozek
2010-05-18 18:40:53
+2
A:
<FilesMatch "\.(htaccess|htpasswd|ini|log|sh|inc|bak)$">
Order Allow,Deny
Deny from all
</FilesMatch>
Loaded with some common extensions, add more as you need.
Chris Lawlor
2010-05-18 18:43:50
+1
A:
If you really want a 404 (and not a 403), you can use mod_rewrite:
RewriteEngine on
RewriteRule \.ext$ - [R=404]
Artefacto
2010-05-18 18:48:04
sorry - 403 is what I should use. I edited the question to say 40x.
Stevko
2010-05-18 19:36:30
Note that RFC 2616 allows a 404 response when the access to a resource is forbidden (see section 10.4.4). So your original question was valid.
Artefacto
2010-05-18 20:08:29