---
title: "Security warning: Couldn't write .htaccess file"
date: "2022-04-11T22:59:11+00:00"
summary:
image:
type: "article"
url: "/acquia-cloud-platform/help/93746-security-warning-couldnt-write-htaccess-file"
id: "5787a3c2-b7fe-462e-a56f-fae425d5a523"
---

Issue
-----

As an Acquia Cloud Site Factory customer, I am receiving the following security warning on my server:

    Security warning: Couldn't write .htaccess file. Please create a .htaccess file in your /mnt/www/html/site_env/docroot/sites/g/files/filename/files/config_xxxxxx/sync directory which contains the following lines:
    
    # Deny all requests from Apache 2.4+.
    <IfModule mod_authz_core.c>
      Require all denied 
    </IfModule>
    
    # Deny all requests from Apache 2.0-2.2.
    <IfModule !mod_authz_core.c>
      Deny from all 
    </IfModule>
    
    # Turn off all options we don't need.
    Options -Indexes -ExecCGI -Includes -MultiViews
    
    # Set the catch-all handler to prevent scripts from being executed.
    SetHandler Drupal_Security_Do_Not_Remove_See_SA_2006_006
    <Files *>
      # Override the handler again if we're run later in the evaluation list.
      SetHandler Drupal_Security_Do_Not_Remove_See_SA_2006_003
    <Files>
    
    # If we know how to do it safely, disable the PHP engine entirely.
    <IfModule mod_php5.c>
      php_flag engine off 
    </IfModule>

Resolution
----------

If you are receiving the above security warning on your server, you may need to set your configuration directories to be writable in a [factory hook](/node/57269) by using the following code snippet in a file such as `acsf-config.php`:

    <?php 
    
    /**
     *   Set vcs and sync dirs to writable directories above docroot.
     */
    
    $settings['config_vcs_directory'] = '../config/default';
    $settings['config_sync_directory'] = '../config/default';