allow wget & php deny from rest - .htaccess

SetEnvIf User-Agent .*Wget* wget
Order deny,allow<br>
Deny from all<br>
Allow from env=wget
ErrorDocument 403 /403.shtml
So I am currently using the above lines of text inside my htaccess file, and it works perfectly. The problem is I need to allow access to a mailer.php file that is also listed in that directory.
Is there a way i can allow access to just this file and use the above code yet to block out the rest?
And if it matters, the phpfile writes to a file inside that directory... it is called rc3.key (not sure if that is important but i think it could be)

Just add the following:
<Files "mailer.php">
Allow from all
</Files>
This will allow everyone to access mailer.php but will throw a 403 error for every other file.

Related

oscommerce allow running script independently on different folder

I have oscommerce installed on a domain (www.myoscommercesite.com), but now i want to run an independent script (www.myoscommercesite.com/myindependentscript) but getting a 404 message
I have tried adding this into htaccess file
<FilesMatch "\.(php)$">
Order Deny,Allow
Allow from all
</FilesMatch>
But problem still there
Thanks

How to get htaccess to deny acess to a single I.P. on openshift?

I want .htaccess to selectively ignore some I.P. addresses.
I'm pushing the .htaccess file to http://modeldoc-treaties.rhcloud.com/wiki/extensions/log/ip.txt
I know that the .htaccess is being read because when it includes
deny from all
then I get the message "Forbidden".
But when I change the .htaccess file to say
deny from <my current I.P from whatsmyip>
then I'm not denied access.
Edit: after shooper's suggestion I tried (to allow just me)
Order Deny,Allow
deny from all
allow from <my.ip>
which blocks me, and also (to deny just me)
Order Allow,Deny
allow from all
deny fro <my.ip>
which allows me. So I guess the problem is I don't know what my i.p. actually is once it gets forwarded on openshift.
OpenShift has a reverse proxy in front of your application, so the ip that shows up to your .htaccess file is not the users real ip, it is stored in the x-forwarded-for header.
I think you probably need the "Order" directive as seen at http://httpd.apache.org/docs/2.2/howto/access.html.
Order deny,allow
Deny from <your current I.P. address>
Allow from all

How to keep certain files exempt from .htaccess redirect?

I have one website (www.mysite.com) that I have on a temporary redirect to another folder (www.mysite.com/tempfolder/index.php). I also host another site in the root folder of www.mysite.com called www.subsite.com. It has it's own URL, but I can't figure out how to make that entire sub-folder exempt from the redirect! Any ideas? Here is what my .htaccess file looks like right now (which is perfectly redirecting everything to the temporary landing page).
<Limit GET POST PUT>
order deny,allow
deny from all
allow from ***
allow from ****
allow from *****
</LIMIT>
ErrorDocument 403 http://www.mysite.com.com/tempfolder/index.php
<filesMatch ".(htm|html|php|css|js|php|gif|jpg|db|png)$">
order allow,deny
allow from all
</FilesMatch>
Any ideas? thanks all!
try putting an .htaccess file in the subfolder that does not contain the redirection rules. That should work just fine -- it can even be a blank file.

Blocking Pdf Files From Direct Access Using .htaccess

This question have been on SO quite a few times, i have tried all the available options but still i am having hard time blocking a pdf file from direct access using absolute URL.
I using the following code inside .htaccess file which is in the same folder where pdf's are
Order Allow,Deny
<FilesMatch "^[^.]+\.(gif|jpe?g|png|pdf|doc|docx|txt|rtf|ppt|pptx|xls|mp4|mov|mp3|mpg|mpeg)$">
Deny from all
</FilesMatch>
When i access the directory of the pdf files it shows me a 403 forbidden access but the moment i enter the absolute url of the pdf it starts rendering the pdf in the browser.
Directory Url http://thetutlage.com/demo/pdfReader/files
Pdf Url :- http://thetutlage.com/demo/pdfReader/files/tracemonkey.pdf
Any help will be great. I have also tried using a redirect rule if a file has .pdf extension but that doesn't seems to be working as well.
Works fine:
Order Allow,Deny
Allow from all
<Files ~ "\.(gif|jpg|png|pdf)$">
Deny from all
</Files>

.htaccess to restrict access to folder

I have a php file that inherits (includes) another PHP files. All inherited files are located in one folder called "includes". I want to be able to restrict any direct access to this folder. Only PHP files within the server can communicate with the files in the "includes" folder. How can I use .htaccess to accomplish such goal?
FYI, I used the following code and it did not work
Order deny,allow
deny from all
Any help would be appreciated
If you don't have the option of actually moving the "includes" folder outside of the Document Root area, and using the include_path (i.e. you can't get to it from web), then enter
deny from all
in a .htaccess directory in that directory.
However, alternative is to use a DEFINES directive to only allow access to those include programs by specific authorised files. For example, put
<?php defined('ACCESS_ALLOWED') or die('Restricted Access'); ?>
in the top of the include files, and then put
<?php define('ACCESS_ALLOWED', 1); ?>
in the programs that are allowed to include those files.
This will prevent casual GETs to those include files from running them, and will work for any web server, not just those supporting htaccess files.
in your includes/.htaccess :
Order deny,allow
deny from all
You can actually just use an index.php and pass a 404 header using header():
header('HTTP/1.1 404 Not Found', 404);
IMO, this is better than a 403, since it's like the folder doesn't exist. As for the include files, put this line above the first include/require line of the main file:
define('INCLUDED', true);
And on every file in the include directory, put this at top most part.
if (!defined(INCLUDED)) {
header('HTTP/1.1 404 Not Found', 404);
}
You can deny direct access to the folder using the following Directives in htaccess or server.config contex :
Mod-alias based solution
Redirect 403 ^/folder/.+$
This will redirect all files and dirs of /folder/ to 403 forbidden error page.
Mod-rewrite base solution :
RewriteEngine on
RewriteRule ^/?folder/.+$ - [F]
Depending on possible other options set at a higher level you may need to use:
Satisfy all
Order deny,allow
Deny from all
I ran into this when the upper directory defined basic authentication including the line:
Satisfy any
This was preventing my deny from all to take effect because the users were authenticated.

Resources