Prevent Apache from displaying text files within a web browser

23rd May 2012

When you download Drupal, there are several text files that are placed in the root of your installation. You don't want or need these to be visible to anyone attempting to view them in a browser - especially CHANGELOG.txt as that includes the exact version of Drupal you are running and could therefore have security implications.

Rather than delete these files or change the file permissions manually for each file, I can add the following lines into my VirtualHost configuration:

<Files ~ "\.txt$">
    Order deny,allow
    Deny from all
</Files>

This prevents any files with a .txt extension from being accessed and rendered in a web browser.

Tags: apache, code, drupal

« How to add a date popup calendar onto a custom form
Writing a .info file for a Drupal 7 theme »

About the Author

Picture of Oliver

Oliver Davies is a Web Developer, System Administrator and Drupal specialist based in the UK. He is a Senior Developer at Microserve and also provides freelance consultancy services for Drupal websites, PHP applications and Linux servers.

Drupal Association Individual Member I built Drupal 8 with hand holding a wrench on blue background Acquia Certified Developer - Drupal 8 Exam Badge
Availability

Currently have limited part-time capacity

Currently no spare full-time capacity.

Latest blog posts