htaccess file restriction - apache

I have a directory on my webserver. It does not have an index page. so when u access the directory via a web browser it lists the files in it. Now i want to create a htaccess file that can block the directory listing so that when you access it via the web browser, the files in the directory would not be listed but would be able to access the files by appending the name of the file you wish to access to the url making it a full part to the file. Also the htaccess file should be able to restrict access from all but files with a particular extention. Thanks.

Options -Indexes
Order allow,deny
Deny from all
<Files "*.gif">
Allow from all
Deny from none
</Files>

You can turn off the file listing for a particular directory in the directory's .htaccess with
Options -Indexes
OR
You could just put an empty index.html file in the directory you want to protect.

In the .htaccess file in your directory just put
Options -Indexes
As stated before.
Edited to remove the wrong htaccess setting. Again sorry

Related

.htaccess is not being read using XAMPP

I cant figure out why the .htaccess file is not being read. I am using XAMPP
Here is the httpd.conf file
DocumentRoot "C:/xampp/htdocs"
<Directory "C:/xampp/htdocs">
Options None
AllowOverride All
Require all granted
</Directory>
I dont want content listing enabled except for one folder called photos.
so inside the photos directory inside htdocs- using notepad i created a .htaccess file and included
#Allow the listing of folder content
Options All
This did not work and the error log shows:
Cannot serve directory C:/xampp/htdocs/photos/: No matching DirectoryIndex (home.php,home.html,home.htm,index.php,index.html,index.htm) found, and server-generated directory index forbidden by Options directive
I also added rubbish to the beginning of the access file to see if it would reproduce an error but all it says is 403 forbidden.
Other things i tried was
#Allow the listing of folder content
Options Indexes
basically, for every folder there should be no content listing except for the photos folder which is why i created a .htaccess file and placed it inside the photo folders. (it must be a .htaccess)
any ideas why this is not working?
To anyone who comes across this needing help - I figured it out.
notepad was saving it as .htaccess.txt even after selecting 'All Files'
To fix this used brackets (you can use another other software like notepad++) and saved it under .htaccess and that worked.

write .htaccess to make all the files n folders present in a folder to be served on my website when in maintenance mode (403 (forbidden mode))?

I have the following file structure in cPanel
web_root_folder_
|____.neverDelete/_____
| |_____img/logo-30.png
| |_____js/error-page.js
| |_____css/error-page.css
|
|____403.shtml
|
|____.htaccess
I wanted to write .htaccess with some code that puts the website in 'maintenance mode'.
So...I wrote 403.shtml page, which uses external css, javascript and images stored in .neverDelete folder.
I wrote the following code in .htaccess
# The WORKING CODE (Too Long 😑)
Deny From All
<FilesMatch 404-layout.min.css>
Allow From All
</FilesMatch>
<FilesMatch logo-small-transparent-30.png>
Allow From All
</FilesMatch>
<FilesMatch error-page.js>
Allow From All
</FilesMatch>
This code successfully worked. It implemented a 403(forbidden) for all files except the 3 files (mentioned in .htaccess file)
but, I want to make all the files n folders present in .neverDelete/ to be served on my website when in maintenance mode.
So i visited http://httpd.apache.org/docs/1.3/mod/core.html#directory to get help. I wrote the code in .htaccess below that actually gave in a 500(server error).
# WRONG CODE
Deny From All
<Directory .neverDelete/ >
Allow From All
</Directory>
How can I make all the files n folders present in .neverDelete/ to be served on my website when in maintenance mode.
Thanks to #CBroe
In the .htaccess file, we can't use a <Directory> container, since the .htaccess file itself defines the directory.
Since .htaccess defines the directory...we can put a .htaccess file in the .neverDelete/ directory with the following code
Allow from all
This will make the contents of the .neverDelete/ directory always available.

.htaccess to allow only pdf files in a subdirectory

I am trying to write an .htaccess file to only allow access to pdf files in a subdirectory. I'm going to deploy the file on a host that I don't control, so I can't make changes to the apache configuration.
I want to only allow access to .pdf files in the Foo directory. I have attempted:
Deny From All
<FilesMatch ".+\/Foo\/.+\.pdf$">
Allow From All
</FilesMatch>
However, when I attempt to access example.com/bar/Foo/baz.pdf, I am given an HTTP 403 Forbidden response.
How can I deny access to everything, except for pdf files in one particular directory?
Thanks
Create a this inside root .htaccess as your very first rule:
RewriteEngine On
# prohibit everything except .pdf files
RewriteRule ^foo/(?!.*\.pdf$) - [F,NC]

htaccess specify directory and robot file

I hanv a htaccess file I block directories by
Options -Indexes
but I would like to allow admin directory. above code block admin directory too.
Second thing is some of hacker get all directory name of our site by search engine. if I disallow search engine for all secure directories in robots.txt file then hacker can read directories from robots.txt.
If I block .txt extention by
<FilesMatch "\.(htaccess|htpasswd|ini|txt|log|sh|inc|bak)$">
Order Allow,Deny
Deny from all
this htaccess code can search engine read my robots.txt file for other directories?
conclusion:
I would like to disallow all directories but allow admin directory. and also like to block secure directory from search engine.
I got answer for allow directory but second question not confirm that google can read or not.
You will need to password protect your /admin folder and turn on indexes in that folder. Add your protected files inside that folder. Google nor anyone else will be able to read them without the password you made and stored in .htpass.
For example /admin/.htaccess
AuthUserFile /var/www/vhosts/example.com/httpdocs/.htpass
AuthType Basic
AuthName "Administration"
require valid-user
Options +Indexes
Read more about Apache Module mod_authn_file

Subfolder directory browsing in Apache2

Got a folder at http://myserver/folder/, I have disabled directory browsing for that folder.
But I want to enable directory browsing for the subfolders of http://myserver/folder/
How can I do this??
Thanks.
here's a working simple solution:
<Directory /path/to/docroot/folder>
Options -Indexes
</Directory>
<DirectoryMatch /path/to/docroot/folder/(.)*/>
Options +Indexes
</DirectoryMatch>
If you do not control apache, you can do this in a per-directory basis in your own files adding .htaccess file in the corresponding directory containing
Options +Indexes
Here is an option that you can use from .htaccess:
Options +Indexes
RewriteRule ^$ - [F]
You can just change the permissions of the respective folders. However, if you don't want to allow directory browsing at the /folder/ level, they'll need some link or way to get inward to the folders where you do allow browsing.
You can do this with an .htaccess file in each subfolder or at the top of each subfolder hierarchy. http://httpd.apache.org/docs/2.2/mod/core.html#allowoverride ~ assuming apache
Your mileage might vary ...
.htaccess how no effect
neither did
Options +Indexes
but renaming index.html to _index.html display the files and folders in the browser
Another way is, if you have a directory you don't want browseable, create an empty index.html file in it, hopefully apache will pick that up and serve it instead :)
For any directory where you want to have the ability to list the directory, simply navigate there then execute this command:
echo "Options +Indexes" >.htaccess