I have a folder that I wish to deny access to, but I wish there to be a subdirectory (and all its files and any subdirectories) that is accessible.
Sample directory structure:
/modules/
/modules/gallery/public/manifest.xml
/modules/gallery/public/js/core.js
/modules/gallery/public/css/master.css
/modules/news/public/images/status.png
/modules/news/public/css/style.css
The .htaccess file needs to be in "modules" as its subdirectories are user provided (they are plugins to a CMS), each user provided folder might have a "public" directory and only files and folders in "public" should be accessible.
You can set an environment variable if the request contains a /public/, doing something like this in your htaccess file in the modules directory:
SetEnvIf Request_URI /public/ ispublic=1
Order Deny,Allow
Deny from all
Allow from env=ispublic
If you want to be even more restrictive, you can tweak the /public/ regex to include depth, for example, only 1 directory deep into modules:
SetEnvIf Request_URI ^/[^/]+/public/ ispublic=1
Related
Say that I have the following directory structure:
/
/opt
/opt/lampp
/opt/lampp/htdocs/
/opt/lampp/htdocs/...
/opt/lampp/htdocs/.../project
And then within the project/ directory, I have the following directory structure:
project/
project/.htaccess
project/index.php
project/dashboard.php
project/theme.css
project/...
project/subdir-1
project/subdir-1/...
project/subdir-2
project/subdir-2/...
project/subdir-3
project/subdir-3/...
What do I write in project/.htaccess to allow access to all files in the project/ directory, but deny access to all the sub-directories (i.e. subdir-*) and all the files in each sub-directory?
Here is what I have so far:
.htaccess
# Deny access by default
Order deny,allow
Deny from all
# Allow access to all PHP/CSS files in current directory
<Files ~ "[^/]\{0,}\.(php|css)$">
Allow from all
</Files>
I'm basically trying to allow access to all PHP/CSS files, except for files with a '/' in the file name; however, the result is that I am unable to access anything. What would be the correct way to accomplish this?
Also, is there a cross-platform way to do this (i.e. So that it would work on both UNIX/Linux & Windows servers)?
To deny access to all sub-directories of the /project folder, you can use the following mod-rewrite Rule in project/.htaccess :
RewriteEngine on
#if the request is for existent dirs, forbid the request
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^ - [R=403,L]
This returns a 403 error response if you request a directory that exists.
If you want to do this for both files/directories, you can use the following redirect
RedirectMatch 403 /project/.+/.*$
I am trying to write an .htaccess file to only allow access to pdf files in a subdirectory. I'm going to deploy the file on a host that I don't control, so I can't make changes to the apache configuration.
I want to only allow access to .pdf files in the Foo directory. I have attempted:
Deny From All
<FilesMatch ".+\/Foo\/.+\.pdf$">
Allow From All
</FilesMatch>
However, when I attempt to access example.com/bar/Foo/baz.pdf, I am given an HTTP 403 Forbidden response.
How can I deny access to everything, except for pdf files in one particular directory?
Thanks
Create a this inside root .htaccess as your very first rule:
RewriteEngine On
# prohibit everything except .pdf files
RewriteRule ^foo/(?!.*\.pdf$) - [F,NC]
Given the directory www/html/file.php would it be it be appropriate to place my .htaccess alongside with file.php?
That way making rules for file.php (demo example below)
~Rule~ file.php ...
file.php would be located.
No. It depends on the setting of AllowOverride for specific directories - however, in most configurations AllowOverride is enabled for the document root.
See http://httpd.apache.org/docs/current/de/howto/htaccess.html#page-header
According to that documentation, you should put any rules into the global configuration file instead of .htaccess files if possible. if you can't access the global configuration file, you should put the .htaccess file into the folder it applies to.
I hanv a htaccess file I block directories by
Options -Indexes
but I would like to allow admin directory. above code block admin directory too.
Second thing is some of hacker get all directory name of our site by search engine. if I disallow search engine for all secure directories in robots.txt file then hacker can read directories from robots.txt.
If I block .txt extention by
<FilesMatch "\.(htaccess|htpasswd|ini|txt|log|sh|inc|bak)$">
Order Allow,Deny
Deny from all
this htaccess code can search engine read my robots.txt file for other directories?
conclusion:
I would like to disallow all directories but allow admin directory. and also like to block secure directory from search engine.
I got answer for allow directory but second question not confirm that google can read or not.
You will need to password protect your /admin folder and turn on indexes in that folder. Add your protected files inside that folder. Google nor anyone else will be able to read them without the password you made and stored in .htpass.
For example /admin/.htaccess
AuthUserFile /var/www/vhosts/example.com/httpdocs/.htpass
AuthType Basic
AuthName "Administration"
require valid-user
Options +Indexes
Read more about Apache Module mod_authn_file
I have a directory on my webserver. It does not have an index page. so when u access the directory via a web browser it lists the files in it. Now i want to create a htaccess file that can block the directory listing so that when you access it via the web browser, the files in the directory would not be listed but would be able to access the files by appending the name of the file you wish to access to the url making it a full part to the file. Also the htaccess file should be able to restrict access from all but files with a particular extention. Thanks.
Options -Indexes
Order allow,deny
Deny from all
<Files "*.gif">
Allow from all
Deny from none
</Files>
You can turn off the file listing for a particular directory in the directory's .htaccess with
Options -Indexes
OR
You could just put an empty index.html file in the directory you want to protect.
In the .htaccess file in your directory just put
Options -Indexes
As stated before.
Edited to remove the wrong htaccess setting. Again sorry