I been searching and couldn't find this answer, usually they all ask how to block viewing the file from outside the domain.
I have a website where I don't have access to the remove a script by hand or Javascript since it executes before I can do it, but I do have access to the folder, so I was thinking if I can add an .htaccess blocking that specific JavaScript file (not all the .js files, only one which is prototype).
Is there any code to do to that?
Thank you in advance.
Yes there is! Put this in your .htaccess file:
<Files "example.js">
Order Allow,Deny
Deny from all
</Files>
Related
I have the following file structure in cPanel
web_root_folder_
|____.neverDelete/_____
| |_____img/logo-30.png
| |_____js/error-page.js
| |_____css/error-page.css
|
|____403.shtml
|
|____.htaccess
I wanted to write .htaccess with some code that puts the website in 'maintenance mode'.
So...I wrote 403.shtml page, which uses external css, javascript and images stored in .neverDelete folder.
I wrote the following code in .htaccess
# The WORKING CODE (Too Long 😑)
Deny From All
<FilesMatch 404-layout.min.css>
Allow From All
</FilesMatch>
<FilesMatch logo-small-transparent-30.png>
Allow From All
</FilesMatch>
<FilesMatch error-page.js>
Allow From All
</FilesMatch>
This code successfully worked. It implemented a 403(forbidden) for all files except the 3 files (mentioned in .htaccess file)
but, I want to make all the files n folders present in .neverDelete/ to be served on my website when in maintenance mode.
So i visited http://httpd.apache.org/docs/1.3/mod/core.html#directory to get help. I wrote the code in .htaccess below that actually gave in a 500(server error).
# WRONG CODE
Deny From All
<Directory .neverDelete/ >
Allow From All
</Directory>
How can I make all the files n folders present in .neverDelete/ to be served on my website when in maintenance mode.
Thanks to #CBroe
In the .htaccess file, we can't use a <Directory> container, since the .htaccess file itself defines the directory.
Since .htaccess defines the directory...we can put a .htaccess file in the .neverDelete/ directory with the following code
Allow from all
This will make the contents of the .neverDelete/ directory always available.
So I have tried to follow some of the posts here to deny access to a public folder using .htaccess.
The problem is that I still can access the folder.
I have put the .htaccess inside my folder, with the commands?
Order allow,deny
Deny from all
I am missing something, but don`t know what.
BTW, I have restarted apache after that.
The site:
www.mysite.com
Folder I want to block
www.mysite.com/helloworld/
That configuration does exactly what you say it should do when I test it.
Presumably your server is configured not to respect .htaccess files.
You can change that by setting:
AllowOverride AuthConfig
… in your main configuration file.
See also the documentation for AllowOverride.
That said, if you don't want the content of a directory to be accessible to anyone over HTTP, then you are better off keeping that directory outside the web root in the first place.
So far, I have:
order deny,allow
deny from all
allow from 127.0.0.1/8
This blocks the top directory (not root directory) of the folder I am trying to hide from anyone else except me, but it does not block subdirectories. I still want to have access to the directory, and all the examples I have seen use the Rewrite Engine to completely block access from subdirectories. How do I block the subdirectories as well? This is the opposite of the first suggested question:
How do I make .htaccess work on the current directory and not subdirectories?
Your quoted config works as you need.
If it does block only the current directory but you're able to access a subdirectory of it - this is how I understand your description - it means, you changed the access rules with some further .htaccess and/or config in httpd.conf i.e. by allow from all
At first, I thought the closed beta packages I was testing were overriding my .htaccess file with their own, but they did not override any directory permissions.
At Kamil's suggestion, I looked into my httpd.conf and noticed that AllowOverride was set to None for the root directory of my web server. Setting it to All worked like a charm.
I have a project that has .htaccess Authentication but i want to remove it for a certain assets folder.
i tried adding a htaccess in that folder with :
AuthType none
Satisfy Any
Allow from All
Order Allow, Deny
but it doesnt seem to work :(
Any thought on this. Thank you so much
Edit
The directory i am trying to unprotect is not a real directory, but a rewrite rule.
I dont have access to httpd.conf
Without seeing your full .htaccess I'm guessing, but what about something like this:
RewriteEngine On
RewriteRule ^assets/ - [E=allow-assets:1]
Allow from env=allow-assets
That could go in the .htaccess of the parent directory, not assets.
You could possibly do this if you have access to /etc/httpd.conf -- do you?
I have a directory on my webserver. It does not have an index page. so when u access the directory via a web browser it lists the files in it. Now i want to create a htaccess file that can block the directory listing so that when you access it via the web browser, the files in the directory would not be listed but would be able to access the files by appending the name of the file you wish to access to the url making it a full part to the file. Also the htaccess file should be able to restrict access from all but files with a particular extention. Thanks.
Options -Indexes
Order allow,deny
Deny from all
<Files "*.gif">
Allow from all
Deny from none
</Files>
You can turn off the file listing for a particular directory in the directory's .htaccess with
Options -Indexes
OR
You could just put an empty index.html file in the directory you want to protect.
In the .htaccess file in your directory just put
Options -Indexes
As stated before.
Edited to remove the wrong htaccess setting. Again sorry