You want to conceal files in a directory on your webserver. Other internet boards tell you to simply move the stupid thing out of the web directory. Chances are, you would have done that obvious thing had you been able to. Let’s fix that.
If you are here, you are likely using a hosted solution that has you chrooted into your home directory, leaving you with .htaccess files as your only choice.
In this article, I will show you two very fast .htaccess methods to hide your files.
You want 404 instead of 403
403 Forbidden is great, but still exposes the fact that a specific file exists. While we may be paranoid, why even give up the mere fact that files or directories exist, when it is just as easy to return a “404 Not Found” response.
It is better to not let people (potential attackers) know that certain files and directories exist at all. The following 2 simple .htaccess commands will instantly solve your problems and not interfere with any other .htaccess setup you may have.
These 2 options represent complete .htaccess files, not just snippets of them. It really is that simple. I have found them invaluable for the occasional directory that I want to make disappear on my sites.
Solid Tip: Simply put one of the following 2 options in an .htaccess file in the directory you want to hide, not in the root of your site!
Method 1: RedirectMatch
It doesn’t get any easier than 1 line.
RedirectMatch 404 ".*"
Method 2: RewriteRule
I prefer the other method, but here’s another option.
RewriteEngine On RewriteRule ^.*$ /404 [L]
Which One Should I Use?
Depends on what modules you have installed with Apache. It’s either mod_alias or mod_rewrite.
Even Apache’s documentation says you should go for RedirectMatch, so use that unless you have to use the RewriteRule:
mod_alias provides the Redirect and RedirectMatch directives, which provide a means to redirect one URL to another. This kind of simple redirection of one URL, or a class of URLs, to somewhere else, should be accomplished using these directives rather than RewriteRule. RedirectMatch allows you to include a regular expression in your redirection criteria, providing many of the benefits of using RewriteRule.
Just put that one-liner .htaccess file in your directory and it will instantly disappear.