Skip to main content

Remediation Steps

Follow the steps below to remediate this finding on Apache webserver.

  1. Prevent direct access to .htaccess files by adding the following to your main Apache configuration (apache2.conf or httpd.conf):

    <Files ".ht*">
Require all denied
</Files>

  2. This blocks access to .htaccess, .htpasswd, and similar files.

  3. Reload Apache:

    sudo systemctl reload apache2
Back to top