# htaccess

<div align="left"><figure><img src="https://1410593648-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FYI2noEqPw69jd0hR7Prp%2Fuploads%2FRBfsjfZkZCjq9jqkCRP7%2Fimage.png?alt=media&#x26;token=ba9d1304-b5b5-47ce-a51d-2e788eb9f90d" alt=""><figcaption></figcaption></figure></div>

<div align="left"><figure><img src="https://1410593648-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FYI2noEqPw69jd0hR7Prp%2Fuploads%2FQzFDurAQpeJ8vBQBawWH%2Fimage.png?alt=media&#x26;token=2ceacfd7-b0f3-41a1-a5c1-f477403efb6f" alt=""><figcaption></figcaption></figure></div>

The site tells us that there are `.htaccess` files that configure the permissions for `/one/flag.txt` and `/two/flag.txt`.

### <mark style="color:blue;">First Part of the Flag:</mark>

The .htaccess file for **`/one/flag.txt`** looks like this:

> ```apacheconf
> RewriteEngine On
> RewriteCond %{HTTP_HOST} !^localhost$
> RewriteRule ".*" "-" [F]
> ```

This tells us that if the Host header does not match the string **'localhost'**, the `[F]` flag makes the server answer the request as forbidden. Luckily, the Host header is part of our own request, so we can simply set it to a value of our choice. Why not use **'localhost'** then:

<div align="left"><figure><img src="https://1410593648-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FYI2noEqPw69jd0hR7Prp%2Fuploads%2FSB9SKQdHIWA5maT01sNa%2Fimage.png?alt=media&#x26;token=e29be39f-22f0-491c-9254-fc585f556a70" alt=""><figcaption></figcaption></figure></div>

### <mark style="color:blue;">Second Part of the Flag:</mark>

Let's examine the second .htaccess file:

> ```apacheconf
> RewriteEngine On
> RewriteCond %{THE_REQUEST} flag
> RewriteRule ".*" "-" [F]
> ```

This has a similar structure but uses a different server variable: `THE_REQUEST`. The [official Apache documentation](https://httpd.apache.org/docs/current/mod/mod_rewrite.html) states:

```
THE_REQUEST
    The full HTTP request line sent by the browser to the server (e.g., "GET /index.html HTTP/1.1"). This does not include any additional headers sent by the browser. This value has not been unescaped (decoded), unlike most other variables below.
```

This means we are not allowed to request anything that has the string 'flag' in the request line. Since `THE_REQUEST` is matched before the URL is decoded, we simply replace the 'flag' part of the URL with a URL-encoded string:

<div align="left"><figure><img src="https://1410593648-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FYI2noEqPw69jd0hR7Prp%2Fuploads%2F3V1YwO2sLyYAHvPvQOnM%2Fimage.png?alt=media&#x26;token=704ec8c8-3dfa-41e2-898a-523a53947277" alt=""><figcaption></figcaption></figure></div>

<div align="left"><figure><img src="https://1410593648-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FYI2noEqPw69jd0hR7Prp%2Fuploads%2FXljuHwsNCjtpywwPgIOJ%2Fimage.png?alt=media&#x26;token=d749ac37-b1f0-451a-a136-965650d9ae99" alt=""><figcaption></figcaption></figure></div>
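Why both rules fail as access control, as an added example that is not part of the original challenge or write-up: a simplified Python model of the two `RewriteCond` checks next to hardened equivalents. The function names and the sample requests are constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import unquote

def host_header_allows(host_header: str) -> bool:
    """Model of /one: allowed only when the client-supplied Host is 'localhost'."""
    return re.search(r"^localhost$", host_header) is not None

def peer_address_allows(peer_ip: str) -> bool:
    """Hardened form: decide on the TCP peer address, which the client cannot set."""
    return ipaddress.ip_address(peer_ip).is_loopback

def raw_line_blocks(request_line: str) -> bool:
    """Model of /two: blocked only when the undecoded request line contains 'flag'."""
    return re.search(r"flag", request_line) is not None

def decoded_path_blocks(request_line: str) -> bool:
    """Hardened form: percent-decode the path first, then apply the same match."""
    _method, target, _version = request_line.split(" ", 2)
    path = unquote(target.split("?", 1)[0])
    return re.search(r"flag", path) is not None

# Constructed sample requests: (peer address, Host header, request line).
SAMPLES = [
    ("203.0.113.7", "localhost", "GET /one/flag.txt HTTP/1.1"),
    ("203.0.113.7", "example.test", "GET /two/flag.txt HTTP/1.1"),
    ("203.0.113.7", "example.test", "GET /two/%66lag.txt HTTP/1.1"),
]

def compare(samples=SAMPLES):
    """Return one row per sample showing where weak and hardened checks disagree."""
    return [
        {
            "request": line,
            "host_rule_allows": host_header_allows(host),
            "peer_rule_allows": peer_address_allows(peer),
            "raw_rule_blocks": raw_line_blocks(line),
            "decoded_rule_blocks": decoded_path_blocks(line),
        }
        for peer, host, line in samples
    ]

if __name__ == "__main__":
    for row in compare():
        print(row)
```

In Apache 2.4 the hardened checks can be expressed without mod_rewrite: `Require local` restricts by client address, and a `<Files>` block with `Require all denied` applies to the file itself rather than to the spelling of the URL.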

### <mark style="color:red;">Full Flag</mark>

```
uctf{Sule_Dukol_waterfall}
```
