i have create custom form for user to submit the documents. now i want to restrict the access of that folder for others.. only specific ip can view the documents only.
for example: docs folder contains some images, pdf, and docx files. now i am restricting access for pdf and docx file using .htaccess code .
now as i have restrict the file access directly , the browser is returning 403 error.
now what i need is only my ip can access the pdf and docx.
for example: my ip is 100.100.100.100 so only i can access the pdf and docx file directly not others.
is there .htaccess code to allow file access for specific ip?
i did try this code.. which block access for my ip as well
Order deny,allow
Deny from all
<Files ~ ".(xml|css|jpe?g|png|gif|js)$">
Allow from all
</Files>
<Files ~ ".(xml|css|jpe?g|png|gif|js)$">
Allow from 100.100.100.100
</Files>
order deny,allow
deny from all
allow from 111.222.333.444
You need first to deny the content from all and then allow from custom IP. See more here: http://httpd.apache.org/docs/2.2/howto/access.html
Related
I need help to configure .htaccess file to restrict direct file access but would like the internal included files to work like images and pdf
order deny,allow
deny from all
allow from 127.0.0.1
Help!!
Thanks in advance :)
Via htaccess, I would like to:
1 - Disallow everyone to access the site.
2 - Allow only 3 ips to pass through the ip ban.
3 - Leave 1 directory accessible fully to the public.
I understand the the rule number 3 goes against rule number 1, and this is where I am confused.
Currently I have this code:
<Files 403.shtml>
order deny,allow
deny from all
</Files>
allow from xxx.xxx.xxx.xx #Fred
allow from xxx.xxx.xxx.xxx #Ben
The above code works fine in not letting anyone in apart from my 3 coworkers.
<Directory /printing/>
Order Allow, Deny
Allow from All
</Directory>
The above code (when added) give me a 500 internal server error.
How to have a mix of both code so people can still access my directory publicly while blocking access to any other parts of the website?
You can't add a <Directory> container inside an htaccess file, since htaccess is already per-directory.
What you need to do is create an htaccess file in the printing directory with just:
Order Allow, Deny
Allow from All
We have enabled spelling mod by default on our server to avoid linking problems with html code done on Windows. Recently we added protection to our image folder to allow only images and documents of certain type to be accesible through htaccess by simple deny,allow and list of allowed types:
Order deny,allow
Deny from all
<Files ~ ".(jpe?g|png|gif|pdf)$">
Allow from all
</Files>
Problem is, that now images with wrong case in url, which are supposed to be corrected with mod-spelling, shows error (Forbidden access) instead of actual image. Any ideas how to correct this?
i have almost 20 pages on server, but i want only a file named abc.php, which users can watch. i want if user forcefully open the other files like //example.com/some.php .htaccess shows 403 error.
<Files ~ "^(?!(changepwd|login|register|remind|securitycode|registersuggest)\.php$).*(\.php)$">
AuthName "Reserved Area"
AuthType Basic
AuthUserFile path_to/.htpasswd
AuthGroupFile path_to/.htgroup
Order Deny,allow
Require group allowed_groups
</Files>
this is the way i am currently using, but i think there can be more elegant solutions.
This .htaccess-file will only allow users to open index.php. Attempts to access any other files will result in a 403-error.
Order deny,allow
Deny from all
<Files "index.php">
Allow from all
</Files>
If you also want to use authentication for some of the files, you may simply add the content from your current file at the end of my example.
Its safest to move the files you don't want the users to access to a directory which is not in the root directory of the web server.
Like if the root directory of my site is this:
/var/www/html/my_web_site/public/index.php
I can put the non-public files in another directory like this:
/var/www/html/my_web_site/config.php
/var/www/html/my_web_site/auth.php
/var/www/html/my_web_site/db.php
And include the files like this in index.php:
include("../config.php");
include("../auth.php");
include("../db.php");
Whit this, you don't have to risk to accidentally delete or forget to copy the .htaccess file.
I have a directory on my webserver. It does not have an index page. so when u access the directory via a web browser it lists the files in it. Now i want to create a htaccess file that can block the directory listing so that when you access it via the web browser, the files in the directory would not be listed but would be able to access the files by appending the name of the file you wish to access to the url making it a full part to the file. Also the htaccess file should be able to restrict access from all but files with a particular extention. Thanks.
Options -Indexes
Order allow,deny
Deny from all
<Files "*.gif">
Allow from all
Deny from none
</Files>
You can turn off the file listing for a particular directory in the directory's .htaccess with
Options -Indexes
OR
You could just put an empty index.html file in the directory you want to protect.
In the .htaccess file in your directory just put
Options -Indexes
As stated before.
Edited to remove the wrong htaccess setting. Again sorry