Hardening HTAccess, Part Two

by Robert Hansen
Sept. 23, 2017 0 comments Symantec htaccess

Since the user has not yet been authenticated, if the user attemts to go to www.yoururl.com/private/index.cgi they will see www.yoururl.com/401.cgi but the URI string will still say www.yoururl.com/private/index.cgi regardless. This can be used to our advantage. We'll come back to that.

https://www.symantec.com/connect/articles/hardening-htaccess-part-two