I currently have my main page at www and some files at www/files/.
How could I block the access to /files itself, but allow users to access www/files/ without having to give each folder a separated .htaccess file and without changing my current htaccess file at www?
Related
Does anyone know how I could achieve the following with .htaccess?
If the file does not exist but folder exists, redirect to folder
If the file is in the root directory, or folder does not exist, redirect to home page "/"
For example, if we have to take a request to www.domain.com/folder/file.html:
If /folder/file.html exists, we just show it as is, no redirect.
If /folder/file.html does NOT existing but /folder/ does exist, we redirect to /folder/
If then /folder/ does not exists we redirect to "/" We need this done in a generic way so that we do not need to hardcode the folder or file names into the .htaccess file.
Should work for all file types with a way to set up exclusions (both for folders and filetypes)
I want to restrict access to some folders and files but only when a user tries to access to it through the url, not when the website access to these files. For example restrict the folders images, javascript,...
I tried in different ways but I always got error 500.
Basically, I don't want external users to list my website directory and open their files, if it is possible to accomplish.
Thanks in advance
This is pure mod_rewrite based solution:
RewriteRule ^(includes/|submit\.php) - [F,L,NC]
This will show forbidden error to use if URI contains certain paths.
You are getting a 500 error because the container cannot be used in an htaccess file (which is essentially all inside a directory container for the directory that it's in). What you need to do is remove the container from your htaccess file, and leave the Deny from all bit:
htaccess file in your document root:
Refuse direct access to all files
Order deny,allow
Deny from all
Allow from 127.0.0.1
Then create an htaccess file in the uploads/files/, uploads/images/pages/ and uploads/images/store/ (and whatever other directories that you want to allow access to):
Allow from all
put .htaccess and edit with "Deny from all".
That's it.
I need htaccess that will redirect users accessing subdirectories of specific directory (one that contains htaccess) to corresponding subdirectories on another server.
For example:
server_1/dir_with_htaccess/user_subdir_of_choice ---> server_2/user_subdir_of_choice
No subdirectory woudl actually exist on first server, it woudl just contain htaccess.
I have one .htaccess file (all subdomains point at the same file directory as the main domain, so one .htaccess file would need to accomplish this). What I'm trying to do is this: any current and future subdomains should redirect like so:
sub1.example.com/cart
sub2.example.com/cart
sub3.example.com/cart
unknown_future_subdomain.example.com/cart
Those 4 subdomains and specific /cart path should all redirect to example.com/cart
I have tried different solutions but they caused redirect loops, I think because the sames .htaccess file is loaded on the main domain.
How do you write rules to redirect all requests to *.php and *.html files in upload/ folder to a text file name forbidden.txt in root www folder. What I'm trying to do exactly is preventing script execution in this dir by redirecting those requests to the text file
Note: The upload/ folder is accessibly by ftp used by a group of people to upload files so I cannot place htaccess inside this folder.
Create an .htaccess file at the root level of your site containing
RedirectMatch ^/upload/.+(html|php)$ http://www.yoursite.com/forbidden.txt
You could also try switching off the PHP engine in that directory by creating an .htaccess file in /upload/ containing:
php_value engine off
although you would need to ensure that people cannot upload files with the name .htaccess
Put your htaccess rules in httpd.conf instead.
If you can't edit httpd.conf, then your best bet is to not allow web access to that directory at all. Let FTP users access a folder outside of your web directory and then provide a mechanism for retrieving the file contents.
You could name that directory "upload". Then you could have your .htaccess file make requests to /upload/myfile execute upload.php, which finds ../upload/myfile and spits backs its contents. This way it would appear to users that they are accessing the "upload" folder directly, but you would the level of control you want through the PHP script.