I can successfully block access to a file in htaccess with this:
<Files "image1.jpg">
Order Allow,Deny
Deny from all
</Files>
It works for one file, but I want to block access to thousands of files based on a pattern.
So something like this:
<Files "source_*">
Order Allow,Deny
Deny from all
</Files>
Note the * wildcard. If a file name starts with "source_" then it should deny access.
What would that look like in the correct syntax?
The directive you're looking for is FilesMatch. With it, you can use Regex to specify files. Probably something like:
<FilesMatch "source_.(gif|jpe?g|png)$">
# ...
</FilesMatch>
If you want to test your Regular Expression more easily, I'd recommend Regexr
Related
inside my site i have a directory /here/is/the/dir/path
i want to allow access to a single file in a subdirectory
example: test/testfile.xml
but want to deny access to a list of other files (jsp, class, jar, xml )
i have this which i want to place in httpd.conf
<Directory /here/is/the/dir/path >
<FilesMatch "test.xml">
Order Allow,Deny
Allow from All
Deny from None
</FilesMatch>
<FilesMatch "+\.(jsp|class|jar|xml)">
order allow,deny
deny from all
</FilesMatch>
</Directory>
is this the correct way to write this? is there a way to combine my two file match statements into a single statement ?
the stated method has been tested and is working.
I'd like to use settings in my .htaccess-file to exclude certain files from being displayed.
For some files (here data/important.json) I want that even authenticated users are exceluded from viewing the content those files.
For other files (here showerror.php) I'd like to give access to everyone.
The .htaccess-file in my root directory contains:
SetEnvIf Request_URI ^/showerror.php noauth=1
#SetEnvIf Request_URI ^/data/important.json noway=1
Order Deny,Allow
Satisfy any
Deny from all
Require user TestUser
Allow from env=noauth
#Deny from env=noway
The .htaccess-File of the folder /data/ contains:
<Files "important.json">
#Order Allow,Deny
Deny from all
</Files>
It seems that the Satisfy any allows authenticated users to view the file. So is there a way to also exclude authenticated users from viewing the content of important.json?
You can simply overwrite the require of your root-.htaccess with the following require-setting in the .htaccess of your subdirectory:
Require all denied
Also see: https://httpd.apache.org/docs/current/upgrading.html
If you'd like to do this file by file, use:
<Files "important.json">
Require all denied
</Files>
I am using following syntax to block some IPs from my .htaccess file:
DirectoryIndex index.php
order allow,deny
deny from 17.18.19.0
deny from 18.17.19.1
allow from all
and now I am not sure if I can even use this:
DirectoryIndex index.php
order allow,deny
deny from 18.17.19.1
allow from all
deny from 18.15.19.1
allow from all
deny from 18.18.19.1
allow from all
so can I just repeate this structure?
deny from x.x.x.x
allow from all
why I am asking? Because I found php script that just Append deny from at the end of file and I am not sure if I need " allow from all" line.
can it be just like this?
DirectoryIndex index.php
order allow,deny
allow from all
deny from 17.18.19.0
deny from 18.17.19.1
deny from ... etc.
First of all, this documentation page does a good job explaining things.
The following quote comes from mod_authz_host's documentation
The Order directive, along with the Allow and Deny directives,
controls a three-pass access control system. The first pass processes
either all Allow or all Deny directives, as specified by the Order
directive. The second pass parses the rest of the directives (Deny or
Allow). The third pass applies to all requests which do not match
either of the first two.
Note that all Allow and Deny directives are processed, unlike a
typical firewall, where only the first match is used. The last match
is effective (also unlike a typical firewall). Additionally, the order
in which lines appear in the configuration files is not significant --
all Allow lines are processed as one group, all Deny lines are
considered as another, and the default state is considered by itself.
In other words, if you have Order Allow,Deny, it will first process all Allow directives, then all Deny directives. You can probably figure out that it doesn't matter if you have 1 Allow from all or 100 Allow from all directives. The final result is the same, but with 100 of those directives your server will need more time processing. It will then process all deny directives and overwrite the permission you just gave if needed.
Therefore, you just need one Order Allow,Deny directive and only one Allow from all directive. Whatever script you are using can then just append Deny directives as it sees fit and all will work as expected.
I have a apache machine which is serving a .js file. That file should be the only file that need to seen.
I have configured to do so in my apache like this :
<Location /var/www/test/test.js>
Order allow,deny
Allow from all
</Location>
The site address is test.in which points to test.js file in /var/www/test directory. That is working fine. But I wish when the user tries to hit test.in/someurl (which is not available) or some other url than test.in need to give an message with 401 error.
How do I do that? Thanks in advance.
You misused <Location> - the argument should be URI not the directory path... You should use <Directory> to get the expected behavior.
I would do something like this (you should finetune it, it shows just the principle):
# first deny access to everything
<Location />
Order Deny,Allow
Deny from All
</Location>
# then allow access to specific URL
<Location /test/test.js>
Order Allow,Deny
Allow from All
</Location>
Have a look on Order directive and one or more of following: Location, LocationMatch, Directory, DirectoryMatch, Files, FilesMatch, etc.
I read another question on how to do this, and the most highlighted solution was the following:
<Files php.ini>
order allow,deny
deny from all
</Files>
I can't really fiddle with this without knowing for sure, since I don't have any testing environment or anything.
My question is, can I add multiple files to the same rule for denying access? What would the formatting be to add additional files to the same deny rule above?
Help is appreciated. Thank you.
You can use regular expressions per the manual entry for <Files>, or <FilesMatch>:
<FilesMatch "/(phpinfo\.php|php\.ini)">
order allow,deny
deny from all
</FilesMatch>