Lets say you want to keep folks out of .ini .dat .log .htaccess and .db files:

<Files ~ "\.(ini¦dat¦log¦htaccess¦db)$">
deny from all
</Files>

Just put that in your htaccess. I am sure you see the pattern of file file extensions there...

What might the code be for stopping a user from viewing an htaccess file

It's not normally possible.

If your have users viewing your htaccess file?
You have much bigger problems than the contents of that file.

Thanks, Brett. Should I just put it at the very top before any rewrites or the like?

Why is it not normally possible without some kind of code?

I put mine after the rewrites. If I understand the parsing engine correctly, it will stop at a rewrite that matches and take that action. Thus - saving a tiny amount of time and resources.

Access to .htaccess is denied by default. Note that the correct filename starts with a '.'

Here is the line in apache's configuration:

<Files ~ "^\.ht">
Order allow,deny
Deny from all
Satisfy All
</Files>

It protects all files beginning with '.ht'

Brett, I tried that code and it didn't seem to work. A direct request still displays the file.

Any solutions?

Completely flush your browser cache and try it again...

Jim

Which file are you able to read?

htaccess

or

.htaccess

rjwmotor,

As others have said, by default you can't view a dothtaccess file by typing its name e.g. example.com/.htaccess

That's only true of the server has been set up to deny access.

You mean file permissions has nothing to do with it?

I've had four different hosts (five if you count my current provider change in service) in the past 8+ years and htaccess has not been available to the public with any.

this is usually set up in the server config and is the apache default config.

this is similar to the *nix behavior of hiding file names starting with a '.' in listings by default.

In my post "of" should be "if".