create a Security Document that informs everyone which directories they should be blocking at a server level. Maybe with examples for the major HTTP engines out there.

[netniV]

Instead of blindly adding htaccess files everywhere, a better idea would be to create a Security Document that informs everyone which directories they should be blocking at a server level. Maybe with examples for the major HTTP engines out there.

htaccess files do absolutely nothing for those people not using Apache (Nginx, IIS, Lighttpd, etc...). Even with Apache, it is better to block these in your conf instead.

From https://cwiki.apache.org/confluence/display/HTTPD/Htaccess

The use of .htaccess files is discouraged as they can have a detrimental effect on server performance. Only use them when necessary.

If we really have to go down this route, then I recommend 1 htaccess file in the root instead of 1 in every directory we want to block.

Originally posted by @cigamit in https://github.com/Cacti/cacti/issues/2758#issuecomment-505206563

[bmfmancini]

I will start working on this !

[TheWitness]

Any updates @bmfmancini?

[bmfmancini]

Oops sorry I lost track of this i will work on it this week

[patilniraj8]

I would like to work on this You can contact me through my mail nirajpatil849@gmail.com

[TheWitness]

@patilniraj8, We can not assign it to you directly, but you are welcome to contribute a page.

Is it the you are not too sure about the markdown language? If you use Windows, there is a relatively cheap tool called Markdown Pad that I use.