It depends on the type of the webserver in question. If it's apache, it should contain something like this in the config file (usually in the "main" apache.conf):
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
Deny from all
- answered 4 years ago
- Community wiki