Apache (.htaccess or vhost):
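# <Directory> is valid in the server/vhost config only; <FilesMatch> also works in .htaccess.
<Directory "/var/www/html/auth/">
    # Allow the internal range only. "Deny from all" (2.2 syntax) is dropped:
    # combined with Require it would also refuse 10.0.0.0/8.
    Require ip 10.0.0.0/8
</Directory>
# Escape the dot so only real .txt/.log/.bak extensions match.
<FilesMatch "\.(txt|log|bak)$">
    Require all denied
</FilesMatch>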
Nginx:
location ~ /auth/.*\.(txt|log|bak)$ {
    deny all;
    return 403;
}
If you find your sensitive files indexed, immediately:
If you are a system administrator, developer, or DevOps engineer, implement the following layers of defense.
Use HTTP authentication (.htpasswd) for directories containing admin or backup files.
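To confirm the Apache and Nginx deny rules above are actually in effect, the following added example (not part of the original page) scans access-log lines for requests matching the page's /auth/ pattern that the server did not refuse. It assumes Combined Log Format; the sample log lines, the crawler heuristic and all names in the code are constructed for illustration.

```python
import re
from collections import namedtuple
from urllib.parse import unquote

# Same pattern the Nginx location block on this page matches.
SENSITIVE = re.compile(r"/auth/.*\.(txt|log|bak)$")

# Assumed Combined Log Format: ip - user [time] "METHOD target PROTO" status size "referer" "agent"
LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<agent>[^"]*)"'
)
CRAWLER = re.compile(r"bot|crawl|spider", re.I)  # heuristic, not exhaustive

Finding = namedtuple("Finding", "ip path status crawler")

def find_exposures(lines):
    """Return requests for protected files that the server did not refuse (status < 400)."""
    findings = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # skip malformed lines rather than guessing
        # The log holds the raw request; servers match rules against the
        # decoded path, so drop the query string and percent-decode first.
        path = unquote(m["target"].split("?", 1)[0])
        status = int(m["status"])
        if SENSITIVE.search(path) and status < 400:
            findings.append(Finding(m["ip"], path, status, bool(CRAWLER.search(m["agent"]))))
    return findings

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Mar/2025:10:00:01 +0000] "GET /auth/users.txt HTTP/1.1" 200 512 "-" "ExampleBot/1.0 (crawler)"',
    '198.51.100.4 - - [10/Mar/2025:10:00:05 +0000] "GET /auth/users.txt HTTP/1.1" 403 153 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [10/Mar/2025:10:01:12 +0000] "GET /auth/old/db.bak?x=1 HTTP/1.1" 200 90211 "-" "curl/8.5.0"',
    '192.0.2.33 - - [10/Mar/2025:10:02:40 +0000] "GET /auth/login.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for f in find_exposures(SAMPLE_LOG):
        note = " (crawler: may already be indexed)" if f.crawler else ""
        print(f"EXPOSED {f.path} served with {f.status} to {f.ip}{note}")
```

Any finding means the deny rule is missing or not matching for that path; a finding with the crawler flag set is the case where the file may already be in a search index.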