I need help to configure .htaccess file to restrict direct file access but would like the internal included files to work like images and pdf
order deny,allow
deny from all
allow from 127.0.0.1
Help!!
Thanks in advance :)
Related
I been searching and couldn't find this answer, usually they all ask how to block viewing the file from outside the domain.
I have a website where I don't have access to the remove a script by hand or Javascript since it executes before I can do it, but I do have access to the folder, so I was thinking if I can add an .htaccess blocking that specific JavaScript file (not all the .js files, only one which is prototype).
Is there any code to do to that?
Thank you in advance.
Yes there is! Put this in your .htaccess file:
<Files "example.js">
Order Allow,Deny
Deny from all
</Files>
So I have tried to follow some of the posts here to deny access to a public folder using .htaccess.
The problem is that I still can access the folder.
I have put the .htaccess inside my folder, with the commands?
Order allow,deny
Deny from all
I am missing something, but don`t know what.
BTW, I have restarted apache after that.
The site:
www.mysite.com
Folder I want to block
www.mysite.com/helloworld/
That configuration does exactly what you say it should do when I test it.
Presumably your server is configured not to respect .htaccess files.
You can change that by setting:
AllowOverride AuthConfig
… in your main configuration file.
See also the documentation for AllowOverride.
That said, if you don't want the content of a directory to be accessible to anyone over HTTP, then you are better off keeping that directory outside the web root in the first place.
I want to restrict access to some folders and files but only when a user tries to access to it through the url, not when the website access to these files. For example restrict the folders images, javascript,...
I tried in different ways but I always got error 500.
Basically, I don't want external users to list my website directory and open their files, if it is possible to accomplish.
Thanks in advance
This is pure mod_rewrite based solution:
RewriteRule ^(includes/|submit\.php) - [F,L,NC]
This will show forbidden error to use if URI contains certain paths.
You are getting a 500 error because the container cannot be used in an htaccess file (which is essentially all inside a directory container for the directory that it's in). What you need to do is remove the container from your htaccess file, and leave the Deny from all bit:
htaccess file in your document root:
Refuse direct access to all files
Order deny,allow
Deny from all
Allow from 127.0.0.1
Then create an htaccess file in the uploads/files/, uploads/images/pages/ and uploads/images/store/ (and whatever other directories that you want to allow access to):
Allow from all
put .htaccess and edit with "Deny from all".
That's it.
i have create custom form for user to submit the documents. now i want to restrict the access of that folder for others.. only specific ip can view the documents only.
for example: docs folder contains some images, pdf, and docx files. now i am restricting access for pdf and docx file using .htaccess code .
now as i have restrict the file access directly , the browser is returning 403 error.
now what i need is only my ip can access the pdf and docx.
for example: my ip is 100.100.100.100 so only i can access the pdf and docx file directly not others.
is there .htaccess code to allow file access for specific ip?
i did try this code.. which block access for my ip as well
Order deny,allow
Deny from all
<Files ~ ".(xml|css|jpe?g|png|gif|js)$">
Allow from all
</Files>
<Files ~ ".(xml|css|jpe?g|png|gif|js)$">
Allow from 100.100.100.100
</Files>
order deny,allow
deny from all
allow from 111.222.333.444
You need first to deny the content from all and then allow from custom IP. See more here: http://httpd.apache.org/docs/2.2/howto/access.html
I have a directory on my webserver. It does not have an index page. so when u access the directory via a web browser it lists the files in it. Now i want to create a htaccess file that can block the directory listing so that when you access it via the web browser, the files in the directory would not be listed but would be able to access the files by appending the name of the file you wish to access to the url making it a full part to the file. Also the htaccess file should be able to restrict access from all but files with a particular extention. Thanks.
Options -Indexes
Order allow,deny
Deny from all
<Files "*.gif">
Allow from all
Deny from none
</Files>
You can turn off the file listing for a particular directory in the directory's .htaccess with
Options -Indexes
OR
You could just put an empty index.html file in the directory you want to protect.
In the .htaccess file in your directory just put
Options -Indexes
As stated before.
Edited to remove the wrong htaccess setting. Again sorry