The hoster has the server configured so that when you try to view the directory (via http) without .html files it issues Access denied. Ok, that is necessary.

But in this directory, in addition to scripts, there are also configuration text files, for example, functions.ini, in which settings for scripts are specified. With a direct call, the browser quietly shows the contents of these files. How to ban it? When I try to put a ban on reading (200), server error is naturally obtained, since scripts need to read it.

I unfortunately not strong in .htaccess, if you can configure this with it. Help pliz! Thank!

    1 answer 1

    The ban on issuing a listing of an empty directory has been made to you by the option:

    Options -Indexes

    And you need to additionally prohibit viewing ini-files :

     <FilesMatch "functions.ini"> Order allow,deny Deny from all </FilesMatch>

    For Apache after 2.4, you need to do this:

     <FilesMatch "functions.ini"> Require all denied </FilesMatch>

    All ini-files and conf-files:

     <FilesMatch "\.(ini|conf)$"> </FilesMatch>