I'd like to use settings in my .htaccess-file to exclude certain files from being displayed.
For some files (here data/important.json) I want that even authenticated users are exceluded from viewing the content those files.
For other files (here showerror.php) I'd like to give access to everyone.
The .htaccess-file in my root directory contains:
SetEnvIf Request_URI ^/showerror.php noauth=1
#SetEnvIf Request_URI ^/data/important.json noway=1
Order Deny,Allow
Satisfy any
Deny from all
Require user TestUser
Allow from env=noauth
#Deny from env=noway
The .htaccess-File of the folder /data/ contains:
<Files "important.json">
#Order Allow,Deny
Deny from all
</Files>
It seems that the Satisfy any allows authenticated users to view the file. So is there a way to also exclude authenticated users from viewing the content of important.json?
You can simply overwrite the require of your root-.htaccess with the following require-setting in the .htaccess of your subdirectory:
Require all denied
Also see: https://httpd.apache.org/docs/current/upgrading.html
If you'd like to do this file by file, use:
<Files "important.json">
Require all denied
</Files>
Related
I need to upload a public accessible file in yii installation which I can access from url. This is domain verification file. I've uploaded it in /frontend/web folder but it's not accessible directly via url mydomain.com/file.txt
As pointed out below, .htaccess file may be preventing this file to be accessible. Can anyone let me know how to write rule in .htaccess file to allow it?
This might help
<Files *.*>
Order Deny,Allow
Deny from all
</Files>
<Files ~ "^index\.php|css|js|.*\.png|.*\.jpg|.*\.gif|.*\.jpeg|.*\.ttf">
Allow from all
</Files>
If you get the following error.
You don't have permission to access /frontend/web/ on this server.
Then, add the following rule in your .htaccess
<Directory "/path/to/frontend/web/">
Options +Indexes
Allow from all
</Directory>
Here the documentation about Apache .htaccess permissions
I want the following; Only index.php should have access to all folders in the server, users of the website should not be able to access folders like "assets".
I tried the following codes:
Order allow,deny
Deny from all
<FilesMatch index\.php>
Allow from all
</FilesMatch>
And
order deny,allow
deny from all
allow from 127.0.0.1
And
require local
Could anyone help me out? I really need to block access to the "assets" folder and other folders
I have a site (running on a framework, so folders are virtual) with access blocked via .htaccess/.htpasswd, but I want to permit public access to one folder/file. I've tried all of the solutions suggested elsewhere but so far nothing has worked.
Here's the basic .htaccess contents:
AuthUserFile /var/www/vhosts/mysite.com/.htpasswd
AuthName "MySite Restricted Area"
AuthType Basic
Require valid-user
I want to allow access to the URL /api/user/create. I have tried the following variations, all to no effect:
<Files "create">
Allow from all
</Files>
<FilesMatch create$>
Allow from all
</FilesMatch>
SetEnvIf Request_URI "create" allow
Deny from all
Allow from env=allow
It seems like the filename create isn't recognised as a valid file, but I have no idea why the last one doesn't work. :(
The problem is you are using virtual folders. <Files *> only takes effect for files on the disk. You should use the <Location> directive instead.
https://httpd.apache.org/docs/2.4/en/mod/core.html#location
Is it possible with Apache to enable Indexes for a directory and be able to view every file, but at the same time, password protect only certain file types. When I use <FilesMatch "\.(type1|type2)"> they become hidden from the directory listing, but do become password protected. I just need them to be available in the directory listing because... reasons.
Here's what I got that does half the job.
<FilesMatch "\.(dat|mca|mcr)$">
AuthName "Protected Files"
AuthType Basic
AuthUserFile /home/web/maps/.htpasswd
require valid-user
</Files>
<Directory /home/web>
Options +Indexes
</Directory>
IndexOptions +showForbidden will allow autoindex listings for things that may eventually require authentication (or are forbidden for any other reason!)
Consider installing your own indexer; typically this is just a PHP script in the directory itself (index.php) that dynamically retrieves the directory listing. Just like Apache's mod_autoindex would, but potentially with nicer looks.
DIY:
listing files in folder showing index.php
Off-the-shelve:
http://autoindex.sourceforge.net/
http://pdirl.newroots.de/
http://www.evoluted.net/thinktank/web-development/php-directory-listing-script
with .htaccess i created auth limitation on some directories, and i want to allow access to only one of their subdirectory. can you help me how to achieve that?
tnx in adv!
UPDATED: my current .htaccess contains next:
AuthUserFile /var/www/mysite/httpdocs/passwds/.htpasswd
AuthGroupFile /dev/null
AuthName "In development..."
AuthType Basic
<Limit GET POST>
require valid-user
</Limit>
If you put .htaccess in one directory, that specific directory and all its children, receive same policy. That means, if you put in any children directory another .htaccess file, it can modify any previously defined policy, same as its parent .htaccess.
Add "Satisfy Any" to the child .htaccess
Order allow,deny
Allow from all
Satisfy any
See apache "Satisfy" docs, it SHOULD work, as this is only solution.