log file normally contain some sensitive information about a website. it’s good to block .log file from being access by visitor. If log file is not block, hacker might use the log file content to launch attack or profile a website. If you are running apache webserver, you can easily block .log file using .htaccess
To block .log file using .htaccess, follow the steps below:-
- Go to your document root directory (normally it’s the folder name is ‘public_html’, ‘www’, ‘htdocs’ folder)
- Create a new .htaccess file (if you already have a .htaccess file, just edit it)
- Append the code below to your .htaccess file:-
<Files ~ "^.*\.(LOG|log|bak|bk|LCK)"> Order allow,deny Deny from all Satisfy All </Files> - Now you can try to upload a test.log file to your document root and try to access it, you should be seeing “Forbiden Error” or messages saying you cant read the file