Code: p1278 Severity: Warning
Description: This event is generated when an attempt is made to access the file ".htaccess" from a web server. Impact: If this request is successful, it could provide an attacker with valuable information needed to compromise the website. Corrective:
First determine if the attack is successful by requesting the file
yourself. If the request is granted, ensure that your web server is
configured to deny access to all files that begin with ".ht".
The default configuration for the Apache HTTP Server should include the
following section to prevent access to .ht files:
|
