Block access to php.ini and phpinfo.php in root - apache

I read another question on how to do this, and the most highlighted solution was the following:
<Files php.ini>
order allow,deny
deny from all
</Files>
I can't really fiddle with this without knowing for sure, since I don't have any testing environment or anything.
My question is, can I add multiple files to the same rule for denying access? What would the formatting be to add additional files to the same deny rule above?
Help is appreciated. Thank you.

You can use regular expressions per the manual entry for <Files>, or <FilesMatch>:
# The pattern is tested against the file's base name only, so it carries no leading slash
<FilesMatch "^(phpinfo\.php|php\.ini)$">
order allow,deny
deny from all
</FilesMatch>

Related

Deny access to file in htaccess, on certain conditions

I can successfully block access to a file in htaccess with this:
<Files "image1.jpg">
Order Allow,Deny
Deny from all
</Files>
It works for one file, but I want to block access to thousands of files based on a pattern.
So something like this:
<Files "source_*">
Order Allow,Deny
Deny from all
</Files>
Note the * wildcard. If a file name starts with "source_" then it should deny access.
What would that look like in the correct syntax?
The directive you're looking for is FilesMatch. With it, you can use Regex to specify files. Probably something like:
<FilesMatch "^source_.*\.(gif|jpe?g|png)$">
# ...
</FilesMatch>
If you want to test your Regular Expression more easily, I'd recommend Regexr
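For checking a `<FilesMatch>` pattern without a test server, here is an added example (not part of the original posts). It approximates the match with Python's `re` standing in for Apache's PCRE, searched against the file's base name as `<Files>` and `<FilesMatch>` do; the paths and candidate patterns are constructed.

```python
import posixpath
import re

def files_match(pattern, path):
    """Approximate <FilesMatch>: unanchored regex search against the
    base name (last path component) only. Python's re stands in for PCRE."""
    return re.search(pattern, posixpath.basename(path)) is not None

def audit(pattern, must_block, must_serve):
    """Return (missed, overblocked) path lists for one candidate pattern."""
    missed = [p for p in must_block if not files_match(pattern, p)]
    overblocked = [p for p in must_serve if files_match(pattern, p)]
    return missed, overblocked

# Constructed sample paths, not taken from any real site.
PHP_BLOCK = ["/var/www/php.ini", "/var/www/phpinfo.php"]
PHP_SERVE = ["/var/www/index.php", "/var/www/myphpinfo.phps", "/var/www/php_ini.html"]
IMG_BLOCK = ["/var/www/img/source_0001.jpg", "/var/www/img/source_a.png"]
IMG_SERVE = ["/var/www/img/resource_1.jpg", "/var/www/img/logo.png"]

CASES = [
    (r"/(phpinfo\.php|php\.ini)", PHP_BLOCK, PHP_SERVE),     # contains a slash
    (r"(phpinfo.php|php.ini)", PHP_BLOCK, PHP_SERVE),        # unescaped, unanchored
    (r"^(phpinfo\.php|php\.ini)$", PHP_BLOCK, PHP_SERVE),    # anchored and escaped
    (r"source_.(gif|jpe?g|png)$", IMG_BLOCK, IMG_SERVE),     # one char after prefix
    (r"source_.*\.(gif|jpe?g|png)$", IMG_BLOCK, IMG_SERVE),  # prefix not anchored
    (r"^source_.*\.(gif|jpe?g|png)$", IMG_BLOCK, IMG_SERVE), # anchored prefix
]

def run():
    """Audit every candidate; maps pattern -> (missed, overblocked)."""
    return {pat: audit(pat, block, serve) for pat, block, serve in CASES}

if __name__ == "__main__":
    for pat, (missed, over) in run().items():
        print(f"{pat!r}: missed={missed} overblocked={over}")
```

A non-empty `missed` list means the rule leaves a file it was meant to protect reachable; a non-empty `overblocked` list means it denies files that should be served.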

httpd block access for all file types in a directory but allow access to a single file.

Inside my site I have a directory /here/is/the/dir/path.
I want to allow access to a single file in a subdirectory,
for example: test/testfile.xml,
but want to deny access to a list of other files (jsp, class, jar, xml).
I have this, which I want to place in httpd.conf:
<Directory /here/is/the/dir/path >
<FilesMatch "test.xml">
Order Allow,Deny
Allow from All
Deny from None
</FilesMatch>
<FilesMatch "+\.(jsp|class|jar|xml)">
order allow,deny
deny from all
</FilesMatch>
</Directory>
Is this the correct way to write this? Is there a way to combine my two file match statements into a single statement?
The stated method has been tested and is working.

How to do apache htaccess ban by ip with the some exception?

P.S.: Sorry, and please be lenient with my English.
I have a situation where some IPs must be blocked, and the better way to do this, to my mind, is htaccess, because I have many entry points. It is easy and works fine...
I do:
<Files *>
Order allow,deny
deny from aaa.aaa.aaa.aaa/aa
deny from bbb.bbb.bbb.bbb/bb
Allow from all
</Files>
BUT! There is one more thing. I have a few devices which should be allowed access even if they come through a denied IP.
I can't install any modules for Apache, so I need some simple way to solve it.
Can someone give me some ways or tricks for this?
You need some way of identifying those devices, then you can add an environment variable to set up an exception and use access control by environment variable. For example, if you can do it by user-agent:
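# Set UAException for requests whose User-Agent matches SpecialUA
SetEnvIf User-Agent SpecialUA UAException=1
<Files *>
# Deny is evaluated first; a matching Allow then overrides it
Order deny,allow
Deny from aaa.aaa.aaa.aaa/aa
Deny from bbb.bbb.bbb.bbb/bb
Allow from env=UAException
</Files>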
See also SetEnvIf. I am linking to Apache 2.2 docs since you are using the old syntax which has been updated in 2.4.

Access Control Apache

Just having trouble setting an access control in Apache. I want to deny access to a specific IP address for a section of my website. When this IP address accesses my site, they shouldn't be able to see the "test" section of the website.
This is what I have done inside the httpd.conf file:
<Directory /test>
Order Allow,Deny
Allow from all
Deny from 10.13.89.47
</Directory>
Please can someone tell me what I am doing wrong?
Thanks
Based on the information you have provided, your document root is '/' (very dangerous) or you've not understood how the 'Directory' tag works. I would expect the tag to look something more like:
<Directory /srv/www/htdocs/test>
I have used something else to get it working.
<Location /test>
Order Allow,Deny
Allow from all
Deny from 10.13.89.47
</Location>

Is repeating "Deny from x.x.x.x" and "Allow from all" correct

I am using following syntax to block some IPs from my .htaccess file:
DirectoryIndex index.php
order allow,deny
deny from 17.18.19.0
deny from 18.17.19.1
allow from all
And now I am not sure if I can even use this:
DirectoryIndex index.php
order allow,deny
deny from 18.17.19.1
allow from all
deny from 18.15.19.1
allow from all
deny from 18.18.19.1
allow from all
So can I just repeat this structure?
deny from x.x.x.x
allow from all
Why am I asking? Because I found a PHP script that just appends "deny from" at the end of the file, and I am not sure if I need the "allow from all" line.
Can it be just like this?
DirectoryIndex index.php
order allow,deny
allow from all
deny from 17.18.19.0
deny from 18.17.19.1
deny from ... etc.
First of all, this documentation page does a good job explaining things.
The following quote comes from mod_authz_host's documentation
The Order directive, along with the Allow and Deny directives,
controls a three-pass access control system. The first pass processes
either all Allow or all Deny directives, as specified by the Order
directive. The second pass parses the rest of the directives (Deny or
Allow). The third pass applies to all requests which do not match
either of the first two.
Note that all Allow and Deny directives are processed, unlike a
typical firewall, where only the first match is used. The last match
is effective (also unlike a typical firewall). Additionally, the order
in which lines appear in the configuration files is not significant --
all Allow lines are processed as one group, all Deny lines are
considered as another, and the default state is considered by itself.
In other words, if you have Order Allow,Deny, it will first process all Allow directives, then all Deny directives. You can probably figure out that it doesn't matter if you have 1 Allow from all or 100 Allow from all directives. The final result is the same, but with 100 of those directives your server will need more time processing. It will then process all deny directives and overwrite the permission you just gave if needed.
Therefore, you just need one Order Allow,Deny directive and only one Allow from all directive. Whatever script you are using can then just append Deny directives as it sees fit and all will work as expected.
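The three-pass evaluation quoted above, together with the `env=` exception from the earlier answer, modelled as an added example (not code from the posts or from Apache). It handles only IP/CIDR, `all` and `env=` arguments, leaves out hostnames and `Order mutual-failure`, and uses constructed documentation address ranges.

```python
import ipaddress

def _matches(spec, ip, env):
    """True if one 'Allow from' / 'Deny from' argument matches the request."""
    if spec.lower() == "all":
        return True
    if spec.startswith("env="):
        return spec[4:] in env          # variable is set (e.g. by SetEnvIf)
    return ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)

def evaluate(order, rules, ip, env=()):
    """Apache 2.2 Order/Allow/Deny decision; True means access granted.

    rules is a list of ("allow" | "deny", spec) in file order. File order is
    deliberately ignored: all Allow lines form one group, all Deny lines another.
    """
    allowed = any(_matches(s, ip, env) for kind, s in rules if kind == "allow")
    denied = any(_matches(s, ip, env) for kind, s in rules if kind == "deny")
    if order == "allow,deny":    # Deny overrides Allow; no match means denied
        return allowed and not denied
    if order == "deny,allow":    # Allow overrides Deny; no match means allowed
        return allowed or not denied
    raise ValueError(f"unsupported Order: {order}")

# Constructed rule sets using documentation address ranges.
INTERLEAVED = [("deny", "203.0.113.7"), ("allow", "all"),
               ("deny", "198.51.100.9"), ("allow", "all")]
COMPACT = [("allow", "all"), ("deny", "203.0.113.7"), ("deny", "198.51.100.9")]
EXCEPTION_AD = [("allow", "env=UAException"), ("deny", "203.0.113.0/24"),
                ("allow", "all")]
EXCEPTION_DA = [("deny", "203.0.113.0/24"), ("allow", "env=UAException")]

def demo():
    """Evaluate the sample rule sets for a few constructed requests."""
    ips = ["203.0.113.7", "198.51.100.9", "192.0.2.10"]
    flagged = {"UAException"}
    return {
        "interleaved": [evaluate("allow,deny", INTERLEAVED, ip) for ip in ips],
        "compact": [evaluate("allow,deny", COMPACT, ip) for ip in ips],
        "exception_allow_deny": evaluate("allow,deny", EXCEPTION_AD, "203.0.113.7", flagged),
        "exception_deny_allow": evaluate("deny,allow", EXCEPTION_DA, "203.0.113.7", flagged),
        "blocked_without_flag": evaluate("deny,allow", EXCEPTION_DA, "203.0.113.7"),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

Under `Order allow,deny` a matching Deny always wins, so an exception for a client inside a denied range only takes effect with `Order deny,allow`. A variable set from a request header matches for any client that sends that header value, so the exception is no stronger than the header is secret.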