My server is assaulted such as this
22.214.171.124 ./../../../../../../../../../etc/passwd%00 HTTP/1.1" 200 28114 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1"
How do i defend it with .htaccess file?
You're being scanned for directory traversal weaknesses. The cool thing is these scans will return nothing. however , it may be the precursor to some compromise.
Certainly the best way to protect from this attack is applying a Web Application Firewall like Mod_Security that we know for certain includes a rule set which searches for "...." in all http demands and drops the request before it hits the application.
Father more mod_security provides logs which greatly helps police force within the situation of the effective comprise.