And so they mainly benefit Apache and IIS servers. Apache web servers alone are used by more than 50% of the Internet's websites. So "the change here

> DavidIQ wrote: Yes because they're needed for url rewriting, not to change server configuration. There is also a web.config file.

> Louis7777 wrote: Yes, and the .htaccess files are mainly for Apache web servers. Still, we have them.

And if you can change server configuration to your benefit I don't see what's wrong with it?
Other notable open source platforms that I use don't have any hesitation to enforce the desirable server configuration (if it can be applied of course). OpenCart, for instance, takes security very seriously (since it's an e-shop platform), and offers a number of configuration options in its root .htaccess (such as max upload file size and max execution time for scripts) including "Options -Indexes" to prevent directory listings.
The OP suggested that we place it in the root .htaccess which means that it would apply for all the folders.

> DavidIQ wrote: That it provides a false sense of security since it would only apply to one folder? Doesn't really provide a whole lot of benefit and one could even argue it might be harmful to have the user think that everything is somehow ok with this "one line" in place. In any case if the developers want to add it then that's fine of course. I'm just giving my opinion.

> Louis7777 wrote: Anyway, it's just one line that benefits security - what's wrong with it?

And the code is just this:
# Disable server signature
ServerSignature Off
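
An added example, not part of the thread and not code from phpBB or OpenCart: a small audit that reads .htaccess text and reports whether it actually sets the two directives discussed above (`ServerSignature` and `Options -Indexes`), or leaves them to be inherited from the server configuration. The function names and the sample file are hypothetical and constructed for illustration.

```python
# Added example: audits .htaccess text for the directives discussed in the thread.
# SAMPLE_HTACCESS is constructed for illustration, not taken from any project.
SAMPLE_HTACCESS = """\
# Disable server signature
ServerSignature Off
<IfModule mod_rewrite.c>
    RewriteEngine On
</IfModule>
Options -Indexes +FollowSymLinks
"""

def parse_directives(text):
    """Yield (lowercased name, lowercased args); skip blanks, comments, section tags."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "<")):
            continue
        name, *args = line.split()
        yield name.lower(), [a.lower() for a in args]

def audit_htaccess(text):
    """Tri-state results: True/False if the file decides it, None if it is inherited."""
    result = {"signature_off": None, "listing_off": None, "warnings": []}
    for name, args in parse_directives(text):
        if name == "serversignature" and args:
            # "On" and "EMail" both add a footer to server-generated pages
            result["signature_off"] = args[0] == "off"
        elif name == "options" and args:
            if all(a[0] in "+-" for a in args):
                # Relative form: only adjusts the inherited option set
                if "-indexes" in args:
                    result["listing_off"] = True
                elif "+indexes" in args:
                    result["listing_off"] = False
            else:
                # Absolute form: replaces the inherited option set entirely
                result["listing_off"] = not ({"indexes", "all"} & set(args))
        elif name == "servertokens":
            # ServerTokens is a server-config-only directive
            result["warnings"].append("ServerTokens is only valid in the main server config")
    return result

if __name__ == "__main__":
    print(audit_htaccess(SAMPLE_HTACCESS))
```

A `None` result means the file does not decide the setting, so the effective value depends on the main server or virtual host configuration.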