htaccess <files> directive affecting subdirectories - .htaccess

The directive in htaccess affects subdirectories as well, so:
<files login.php>
order deny,allow
deny from all
Is blocking access to all files named like that regardless of where they are located. Is there a way to make it apply only to the file in the current directory (where .htaccess is located) but not directories below it?

You can use Location instead of Files
<Location "path/folder/file">
Order Allow,Deny
Deny from all
</Location>

You can use mod-rewrite instead of files directive to deny access to a specific file.
RewriteEngine on
RewriteRule ^login\.php$ - [R=403,L]
This will block access to a single URL http://example.com/login.php .
Or you can also use the following one liner mod-alias based blocking:
Redirect 403 /login.php

Related

.htaccess in subdirectory to deny everything in subdirectory except index.php

Here's what the web hosted directory looks like:
public_html
subdirectory
index.php
other stuff
.htaccess
Is there a way to make the .htaccess file deny everything relative to its location (i.e. everything in the subdirectory) except for the index.php file in that directory, without affecting anything located in its parent directory?
I've tried the following, but it's denying me access to /subdirectory/ as well. If I do /subdirectory/index.php it seems to work.
Order Deny,Allow
Deny from all
Allow from 127.0.0.1
<Files ./index.php>
Order Allow,Deny
Allow from all
</Files>
The most ideal is if the solution is agnostic of the directory structure it's in -- that is in the future I could move everything to the parent directory, and it'd still work.
Try this in the mentioned .htaccess location :
RewriteEngine On
RewriteRule !^(index|$) - [F]
That will only allow request to index at this directory and will not affect parent directory.

How To Allow Access to Certain File Types but Deny All Others

While I'm confident this has been asked and answered somewhere, my Google and SO searches have not helped me solve what seems like a fairly easy problem.
The goal:
Deny access to ALL file types except images.
Current .htaccess file:
<Files *.*>
Order Deny,Allow
Deny from all
</Files>
<FilesMatch "\.(jpg|png|gif|jpeg|JPG|PNG|GIF|JPEG)$">
Order Deny,Allow
Allow from all
</FilesMatch>
I still cannot (via the browser) access any image files, with a "403 Forbidden" error.
Questions:
1. How do I make this work properly without rewrite rules?
2. Can I combine Files and FilesMatch rules like this?
3. Are the FilesMatch rules case sensitive?
You can easily achieve this via mod_rewrite rules:
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} -f
RewriteRule !\.(jpe?g|png|gif)$ - [NC,F]
Using FilesMatch you could do this:
Order deny,allow
# first deny all files
<Files *>
deny from all
</Files>
# then allow all image files
<FilesMatch "(?i)\.(jpe?g|png|gif)$">
allow from all
</FilesMatch>

htaccess not working

I just inherited an ExpressionEngine site from someone without much documentation for how it was put together. I'm trying to set up some 301 redirects, but the htaccess file is being ignored. I have a file named .htaccess in the same directory as our index file, yet it isn't being read.
Our IT department says that AllowOverride in Apache is set to "all," and they suspect that the problem is within ExpressionEngine. Is there a place within ExpressionEngine where htaccess can be enabled/disabled, or is this an Apache thing?
Thanks!
Thanks. Here's what I have in the htaccess file:
# Standard .htaccess file
# Secure .htaccess file
<Files .htaccess>
order allow,deny
deny from all
</Files>
Redirect 301 /index.php/info_resources/sites http://www.cptc.edu/index.php/site_directory/
# Don't show any directory without an index file
Options -Indexes
# Dont list files in index pages
IndexIgnore *
# EE 404 page for missing pages
# May differ depending on where your template is located.
ErrorDocument 404 /index.php?/site/404

htaccess directory listing

I'm trying to list files in one particular directory and with one particular ip. This htaccess file is located in that directory. So far, it seems that the hosting does not allow me to list directories. On localhost i can list everything in that directory, except the IndexIgnore ones, of course. The htaccess file content is:
Options +Indexes
<Limit GET POST>
order deny,allow
deny from all
allow from 1.1.1.1
</Limit>
IndexIgnore tabele_remote.php
IndexIgnore demo.txt
IndexIgnore functions.php
IndexIgnore config.php
It seems that AllowOverride directive is set somewhere previously
Also check there is no IndexIgnore * set on the parent directories or server entirely
change order deny,allow to order allow,deny and give it a try.
Also set AllowOverride all

.htaccess allow script access within my domain

I am looking for the specific .htaccess command that will allow me to deny http access from everyone BUT my scripts.
I have a script that runs out of the root directory that goes and fetches all of the .jpg's out of a given protected directory with the following .htaccess file
<files *.jpg>
order allow, deny
deny from all
</files>
I was thinking something similar to this might work
<files *.jpg>
order allow, deny
deny from all
allow from rootUrl.com
</files>
Your first example should work, since scripts don't make any HTTP requests.
Edit: Unless, your script for some strange reason makes HTTP requests to its own server, which I really don't think it does. Nor should it.
Edit again: Since your script is outputting img elements pointing to the protected files, you have to let all visitors access the files. There is no work-around. You could however stop hotlinking by using .htaccess like this:
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://(.+\.)?yoursite\.com/ [NC]
RewriteCond %{HTTP_REFERER} !^$
RewriteRule .*\.(jpe?g|gif|bmp|png)$ [F]

Resources