<IfModule mod_rewrite.c>
Options +FollowSymLinks
RewriteEngine On
RewriteCond %{HTTP_HOST} ^example\.com
RewriteRule ^(.*) http://www.example.com/$1 [R=301,L]
</IfModule>
This works when placed in the root folder; i.e., the same folder that contains /index.html, my home page. However, when I place it in the folder above that, example.com/ is redirected to http://www.example.com/public_html/, which triggers a 404.
So I have two questions:
1) Why does this error occur, and can it be fixed, while keeping .htaccess in the directory above root?
2) I prefer placing .htaccess in the directory above root for security reasons. It seems to me it will be more difficult for someone to request and obtain the file from there rather than in root. Is this a misplaced concern?
> It seems to me it will be more difficult for someone to request and obtain the file from there rather than in root. Is this a misplaced concern?
Yes, this is probably a misplaced concern for your Apache server setup. In the default configuration, a rule is present in the central Apache configuration file httpd.conf which prohibits the request of all files which start with ".ht", independent of the directories where these files reside. This includes .htaccess, but also .htpasswd if you have password-protected parts of your site.
This protection does, however, only work when people try to access the .htaccess file with a web browser. If you have a shared hosting account, and people have SSH access to the server or FTP access which doesn't set root access to the home directory of each individual user, then someone who has an account on that shared web server may directly access the .htaccess file.
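Both points in the answer above can be checked from a shell on the server; the script below is an added example, not part of the thread. The function names `ht_rule_present` and `ht_world_readable` and the paths in the usage comment are hypothetical, and it assumes the deny rule sits in a single configuration file you can read (included files are not followed).

```shell
#!/bin/sh
# Added example: one check per paragraph of the answer above.

# ht_rule_present CONF
# Exit 0 if CONF has a <Files> or <FilesMatch> section for names starting
# with ".ht" that denies access, in Apache 2.4 syntax (Require all denied)
# or 2.2 syntax (Deny from all). Commented-out lines are ignored.
ht_rule_present() {
    awk '
        { l = tolower($0) }
        l ~ /^[ \t]*#/ { next }
        l ~ /^[ \t]*<files(match)?[ \t]/ && l ~ /\.ht/ { in_ht = 1; next }
        l ~ /^[ \t]*<\/files(match)?>/ { in_ht = 0 }
        in_ht && l ~ /require[ \t]+all[ \t]+denied|deny[ \t]+from[ \t]+all/ { found = 1 }
        END { exit !found }
    ' "$1"
}

# ht_world_readable DIR
# Print every .ht* file under DIR whose mode has the "other" read bit set.
# Such a file is readable by any other local account that can reach the
# directory, whatever the HTTP-level rule says.
ht_world_readable() {
    find "$1" -type f -name '.ht*' -perm -004 | sort
}

# Usage when run directly (hypothetical paths):
#   sh check_ht.sh /etc/apache2/apache2.conf /home/user/public_html
if [ "$#" -eq 2 ]; then
    if ht_rule_present "$1"; then
        echo "deny rule for .ht* found in $1"
    else
        echo "no deny rule for .ht* found in $1"
    fi
    ht_world_readable "$2"
fi
```

Whether the "other" read bit can be dropped depends on which user and group the web server runs as on that host, since Apache itself must still be able to read the file.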