Hardening HTAccess, Part Two

by Robert Hansen Sept. 1, 2017 via Symantec

Since the user has not yet been authenticated, if the user attemts to go to www.yoururl.com/private/index.cgi they will see www.yoururl.com/401.cgi but the URI string will still say www.yoururl.com/private/index.cgi regardless. This can be used to our advantage. We'll come back to that.