I want the following; Only index.php should have access to all folders in the server, users of the website should not be able to access folders like "assets".
I tried the following codes:
Order allow,deny
Deny from all
<FilesMatch index\.php>
Allow from all
</FilesMatch>
And
order deny,allow
deny from all
allow from 127.0.0.1
And
require local
Could anyone help me out? I really need to block access to the "assets" folder and other folders
Related
I need to upload a public accessible file in yii installation which I can access from url. This is domain verification file. I've uploaded it in /frontend/web folder but it's not accessible directly via url mydomain.com/file.txt
As pointed out below, .htaccess file may be preventing this file to be accessible. Can anyone let me know how to write rule in .htaccess file to allow it?
This might help
<Files *.*>
Order Deny,Allow
Deny from all
</Files>
<Files ~ "^index\.php|css|js|.*\.png|.*\.jpg|.*\.gif|.*\.jpeg|.*\.ttf">
Allow from all
</Files>
If you get the following error.
You don't have permission to access /frontend/web/ on this server.
Then, add the following rule in your .htaccess
<Directory "/path/to/frontend/web/">
Options +Indexes
Allow from all
</Directory>
Here the documentation about Apache .htaccess permissions
inside my site i have a directory /here/is/the/dir/path
i want to allow access to a single file in a subdirectory
example: test/testfile.xml
but want to deny access to a list of other files (jsp, class, jar, xml )
i have this which i want to place in httpd.conf
<Directory /here/is/the/dir/path >
<FilesMatch "test.xml">
Order Allow,Deny
Allow from All
Deny from None
</FilesMatch>
<FilesMatch "+\.(jsp|class|jar|xml)">
order allow,deny
deny from all
</FilesMatch>
</Directory>
is this the correct way to write this? is there a way to combine my two file match statements into a single statement ?
the stated method has been tested and is working.
I'd like to use settings in my .htaccess-file to exclude certain files from being displayed.
For some files (here data/important.json) I want that even authenticated users are exceluded from viewing the content those files.
For other files (here showerror.php) I'd like to give access to everyone.
The .htaccess-file in my root directory contains:
SetEnvIf Request_URI ^/showerror.php noauth=1
#SetEnvIf Request_URI ^/data/important.json noway=1
Order Deny,Allow
Satisfy any
Deny from all
Require user TestUser
Allow from env=noauth
#Deny from env=noway
The .htaccess-File of the folder /data/ contains:
<Files "important.json">
#Order Allow,Deny
Deny from all
</Files>
It seems that the Satisfy any allows authenticated users to view the file. So is there a way to also exclude authenticated users from viewing the content of important.json?
You can simply overwrite the require of your root-.htaccess with the following require-setting in the .htaccess of your subdirectory:
Require all denied
Also see: https://httpd.apache.org/docs/current/upgrading.html
If you'd like to do this file by file, use:
<Files "important.json">
Require all denied
</Files>
I have an .htacces file and I am trying to open up access to a file and folder within a protected folder.
The file is index.php so I do the following:
<Files index.php>
Order Allow,Deny
Allow from All
Satisfy Any
</Files>
This works and give me access to this file. This file requires assets from the assets/ directory. So I try to open that directory up by doing the following:
<Directory "/assets">
Order Allow,Deny
Allow from All
Satisfy Any
</Directory>
But this is giving me a 500 error. Not sure why.
You can't use the <Directory> container inside an htaccess file (which is essentially like the <Directory> container itself). If you want to allow access to assets, then create an htaccess file inassets with just:
Order Allow,Deny
Allow from All
Within apache can I restrict users to listing the contents of a directory or is it true to say that once a user has been allowed access there is nothing to restrict them from downloading the content?
<Directory "c:/[your path]">
Order Allow,Deny
Allow from all
#Options Indexes
<LimitExcept ALL>
require user [your user]
</LimitExcept>
</Directory>
Without the Option Indexes in the file *.conf, the user can't listing the content of the directory. They steal can access to a ressource of the file.
I think it was what you asking for!