My server is assaulted such as this ./../../../../../../../../../etc/passwd%00 HTTP/1.1" 200 28114 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1"

How do i defend it with .htaccess file?

You're being scanned for directory traversal weaknesses. The cool thing is these scans will return nothing. however , it may be the precursor to some compromise.

Certainly the best way to protect from this attack is applying a Web Application Firewall like Mod_Security that we know for certain includes a rule set which searches for "...." in all http demands and drops the request before it hits the application.

Father more mod_security provides logs which greatly helps police force within the situation of the effective comprise.

The easiest method to prevent this attack from succeeding is the recommendations from Apache security tips. They will use Directory directive for your. Regrettably that directive can not be used from .htaccess, and so i propose using Files directive to safeguard your most sensitive files.