Project Details
Github Repository: https://github.com/byteball/byteball-web/
Platform: https://byteball.org
Expected Behaviour
The .htaccess file is used to stop users from accessing certain files and folders. It should not be available to anyone and should be hidden according to its RFC.
Actual Behaviour
The .htaccess file is available for anyone to view.
Steps to Reproduce
- Visit https://byteball.org/.htaccess in a browser. The file is downloaded and can be viewed with any text editor.
- Alternatively, running curl https://byteball.org/.htaccess in a terminal also works.
Possible Fix
Add this code to the .htaccess file:
<files .htaccess>
order allow,deny
deny from all
</files>
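The fix above uses the Apache 2.2 access-control directives. The following added example (not from the original report or the byteball-web repository) is a variant that works on both Apache 2.2 and 2.4 and also covers other ".ht" files such as .htpasswd. It assumes the site is served by Apache httpd and that AllowOverride permits these directives in .htaccess.

```apache
# Added example, not the project's own configuration.
# Assumptions: Apache httpd serves the site, and AllowOverride permits these
# directives in .htaccess (AuthConfig for Require, Limit for Order/Deny).

# Match .htaccess, .htpasswd and any other file whose name starts with ".ht".
<FilesMatch "^\.ht">
    # Apache 2.4 and later: mod_authz_core provides the Require directive.
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>

    # Apache 2.2: fall back to the legacy syntax used in the fix above.
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
    </IfModule>
</FilesMatch>
```

Once the rule is active, the curl request from the reproduction steps should return 403 Forbidden instead of the file contents. Placing the same block in the main server or virtual-host configuration has the same effect and does not depend on AllowOverride.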