I’m doing some work on an IIS box and I’m curious about how an HTACCESS file might play a part in this… Since the server is IIS, are there security concerns that determine how effective an HTACCESS file might be? For example, is it just as important to use if on a box using Apache or not? Are there other security concerns to take note of?

IIS doesn’t use .htaccess, but httpd.ini

And it’s just as important to use an httpd.ini on IIS as it is to use a .htaccess on Apache: create one if you need it, for example if you want to rewrite URL’s (using mod_rewrite on Apache, or ISAPI_Rewrite on IIS).

If you have nothing to extra to tell the web server (i.e., it does its job just fine without a .htaccess/httpd.conf) you don’t need a .htaccess/httpd.ini

Your post would suggest .htaccess increases the security of your website, this is not the case. Of course you could protect files and/or directories using .htacess but just having an .htaccess for the sake of having an .htaccess doesn’t increase the security of your website.

What are you trying to achieve with the .htaccess file, or in your case the httpd.ini ?

Thanks for the follow-up, Scallio.

What I’m trying to do with an .htaccess / httpd.ini file is restrict unwanted IP blocks, protect directories and or files, provide for certain redirects for things like 403s, 404s, etc.

So yes, I did have a lot of security in mind but if httpd.ini files are the equivalent of .htaccess files, then I also have functionality in mind, too, for various error-like issues like those redirects for the 403s, etc.

What version of IIS?