Mod_spelling and limited access to certain files through htaccess - apache

We have enabled spelling mod by default on our server to avoid linking problems with html code done on Windows. Recently we added protection to our image folder to allow only images and documents of certain type to be accesible through htaccess by simple deny,allow and list of allowed types:
Order deny,allow
Deny from all
<Files ~ ".(jpe?g|png|gif|pdf)$">
Allow from all
</Files>
Problem is, that now images with wrong case in url, which are supposed to be corrected with mod-spelling, shows error (Forbidden access) instead of actual image. Any ideas how to correct this?

Related

.htaccess to block specific file

I been searching and couldn't find this answer, usually they all ask how to block viewing the file from outside the domain.
I have a website where I don't have access to the remove a script by hand or Javascript since it executes before I can do it, but I do have access to the folder, so I was thinking if I can add an .htaccess blocking that specific JavaScript file (not all the .js files, only one which is prototype).
Is there any code to do to that?
Thank you in advance.
Yes there is! Put this in your .htaccess file:
<Files "example.js">
Order Allow,Deny
Deny from all
</Files>

Deny direct access to folder from URL

So I have tried to follow some of the posts here to deny access to a public folder using .htaccess.
The problem is that I still can access the folder.
I have put the .htaccess inside my folder, with the commands?
Order allow,deny
Deny from all
I am missing something, but don`t know what.
BTW, I have restarted apache after that.
The site:
www.mysite.com
Folder I want to block
www.mysite.com/helloworld/
That configuration does exactly what you say it should do when I test it.
Presumably your server is configured not to respect .htaccess files.
You can change that by setting:
AllowOverride AuthConfig
… in your main configuration file.
See also the documentation for AllowOverride.
That said, if you don't want the content of a directory to be accessible to anyone over HTTP, then you are better off keeping that directory outside the web root in the first place.

How to disallow site wide access but only allow certain urls to be accessed by public via htaccess

Via htaccess, I would like to:
1 - Disallow everyone to access the site.
2 - Allow only 3 ips to pass through the ip ban.
3 - Leave 1 directory accessible fully to the public.
I understand the the rule number 3 goes against rule number 1, and this is where I am confused.
Currently I have this code:
<Files 403.shtml>
order deny,allow
deny from all
</Files>
allow from xxx.xxx.xxx.xx #Fred
allow from xxx.xxx.xxx.xxx #Ben
The above code works fine in not letting anyone in apart from my 3 coworkers.
<Directory /printing/>
Order Allow, Deny
Allow from All
</Directory>
The above code (when added) give me a 500 internal server error.
How to have a mix of both code so people can still access my directory publicly while blocking access to any other parts of the website?
You can't add a <Directory> container inside an htaccess file, since htaccess is already per-directory.
What you need to do is create an htaccess file in the printing directory with just:
Order Allow, Deny
Allow from All

htaccess: file access for specific ip only

i have create custom form for user to submit the documents. now i want to restrict the access of that folder for others.. only specific ip can view the documents only.
for example: docs folder contains some images, pdf, and docx files. now i am restricting access for pdf and docx file using .htaccess code .
now as i have restrict the file access directly , the browser is returning 403 error.
now what i need is only my ip can access the pdf and docx.
for example: my ip is 100.100.100.100 so only i can access the pdf and docx file directly not others.
is there .htaccess code to allow file access for specific ip?
i did try this code.. which block access for my ip as well
Order deny,allow
Deny from all
<Files ~ ".(xml|css|jpe?g|png|gif|js)$">
Allow from all
</Files>
<Files ~ ".(xml|css|jpe?g|png|gif|js)$">
Allow from 100.100.100.100
</Files>
order deny,allow
deny from all
allow from 111.222.333.444
You need first to deny the content from all and then allow from custom IP. See more here: http://httpd.apache.org/docs/2.2/howto/access.html

Allowing only certain files to view by .htaccess

i have almost 20 pages on server, but i want only a file named abc.php, which users can watch. i want if user forcefully open the other files like //example.com/some.php .htaccess shows 403 error.
<Files ~ "^(?!(changepwd|login|register|remind|securitycode|registersuggest)\.php$).*(\.php)$">
AuthName "Reserved Area"
AuthType Basic
AuthUserFile path_to/.htpasswd
AuthGroupFile path_to/.htgroup
Order Deny,allow
Require group allowed_groups
</Files>
this is the way i am currently using, but i think there can be more elegant solutions.
This .htaccess-file will only allow users to open index.php. Attempts to access any other files will result in a 403-error.
Order deny,allow
Deny from all
<Files "index.php">
Allow from all
</Files>
If you also want to use authentication for some of the files, you may simply add the content from your current file at the end of my example.
Its safest to move the files you don't want the users to access to a directory which is not in the root directory of the web server.
Like if the root directory of my site is this:
/var/www/html/my_web_site/public/index.php
I can put the non-public files in another directory like this:
/var/www/html/my_web_site/config.php
/var/www/html/my_web_site/auth.php
/var/www/html/my_web_site/db.php
And include the files like this in index.php:
include("../config.php");
include("../auth.php");
include("../db.php");
Whit this, you don't have to risk to accidentally delete or forget to copy the .htaccess file.