Regarding this answer, is correct to add the file debug.log in this way?
RewriteRule (?:debug|readme|license|changelog|-config|-sample)\.(?:php|md|txt|html|log?) - [R=404,NC,L]
Kind Regards
Regarding this answer, is correct to add the file debug.log in this way?
RewriteRule (?:debug|readme|license|changelog|-config|-sample)\.(?:php|md|txt|html|log?) - [R=404,NC,L]
Kind Regards
Share Improve this question asked Oct 5, 2020 at 14:57 Ponzio PilatoPonzio Pilato 1111 bronze badge 2 |1 Answer
Reset to default 1Yes, basically debug.log, but without deny, with 404
Yes, that directive will serve a "404 Not Found" when attempting to request debug.log
.
|log?
However, because of the ?
in the above regex, it will also block debug.lo
. Is that intentional? In fact, if that is intentional then you could simply remove the g?
part - since it serves no purpose. But if not, then remove the trailing ?
to match debug.log
only.
However, it also potentially blocks any URL that simply contains debug.log
in the URL-path (since there are no anchors ^
or $
or word boundaries on the regex). For example, the following innocent URL(s) will also be blocked if the directive appears before the WordPress front-controller:
/what-is-the-meaning-of-debug.log-on-my-filesystem
/are-changelog.md-files-really-necessary
(Should you have articles with such a title/slug.)
For this reason, this directive should probably be located at the end of the .htaccess
file, after the WordPress front-controller, so that you only block access to physical files. This will also be marginally more efficient.
[R=404,NC,L]
- minor point... the L
flag is not strictly required here. L
is implied when specifying a non-3xx return code.
To simply block (with a 404) requests for debug.log
(all lowercase) in the document root only then the following would be sufficient:
RewriteRule ^debug\.log$ - [R=404]
debug.log
from HTTP access then that directive arguably does too much. Since there are no anchors on the regex it could potentially conflict with valid URLs - depending on where you place the directive in your.htaccess
file. Then again, it could do exactly what you require. – MrWhite Commented Oct 5, 2020 at 16:28