Hello everyone!
I’m facing a security issue on my websites hosted using HestiaCP. The problem is that files with extensions like .txt or .json (perhaps other formats as well) are publicly accessible. I’ve tried various configurations in the “.htaccess” file without any success, and I’m unsure of the root cause.
At first, I suspected that the “.htaccess” rules were not functioning, but I tested by adding a simple redirection to google.com, and it worked perfectly.
Here’s an example of a file that shouldn’t be publicly visible, but unfortunately, it is:
https://dutyfree.lol/includes/config/webengine.json
(No need to worry about the data shown in the JSON; it’s fake and for testing purposes.)
Any assistance or guidance on resolving this issue would be greatly appreciated. Thanks in advance!