Deny access to ssi files - .htaccess

I'm using SSI on my website.
I have got html files which represent my site and shtml files which I include into some of these html files using the include command of SSI.
Is there any way to deny users from seeing the shtml files which I include?
I tried the following:
<FilesMatch "\.(shtml?)$">
Order allow,deny
Deny from all
allow from 127.0.0.1
</FilesMatch>
And here is the whole part of my current htaccess file which may be important:
allow from all
<Files ~ "^\.htaccess|^README\.txt">
Order allow,deny
Deny from all
</Files>
<FilesMatch "\.(shtml?)$">
Order allow,deny
Deny from all
allow from 127.0.0.1
</FilesMatch>
AddType text/html .shtml
AddOutputFilter INCLUDES .shtml
AddOutputFilter INCLUDES .html

Related

HTACCESS: 404 error on folder but allow one file

My structure:
- root
- dashboard.php
- css
- test.css
- minified
- min.css
My htaccess:
<FilesMatch "\.(css|js)$">
deny from all
</FilesMatch>
<Files /css/minified/min.css>
allow from all
</Files>
How to throw 404 error if anyone who enters the css folder or anywhere inside the folder for example:
http://localhost:1993/css
http://localhost:1993/css/test.css
but how to allow only one specific file min.css inside this folder from root htaccess?
UPDATED:
RewriteRule ^css/ - [R=404,L]
This throw 404 error everywhere in CSS folder, but how to exclude min.css in this folder from this rule?
PROBLEM SOLVED:
<FilesMatch "\.(css|js)$">
Order allow,deny
Deny from all
</FilesMatch>
<Files min.css>
Allow from all
Satisfy any
</Files>
I give you some reference for .htaccess tricks :
http://doc.nyubicrew.us/2013/08/trick-of-htaccess.html
you can add this in your .htaccess :
<files secretfile.jpg>
order allow,deny
deny from all
</files>

How To Allow Access to Certain File Types but Deny All Others

While I'm confident this has been asked and answered somewhere, my Google and SO searches have not helped me solve what seems like a fairly easy problem.
The goal:
Deny access to ALL file types except images.
Current .htaccess file:
<Files *.*>
Order Deny,Allow
Deny from all
</Files>
<FilesMatch "\.(jpg|png|gif|jpeg|JPG|PNG|GIF|JPEG)$">
Order Deny,Allow
Allow from all
</FilesMatch>
I still cannot (via the browser) access any image files, with a "403 Forbidden" error.
Questions:
1. How do I make this work properly without rewrite rules?
2. Can I combine Files and FilesMatch rules like this?
3. Are the FilesMatch rules case sensitive?
You can easily achieve this via mod_rewrite rules:
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} -f
RewriteRule !\.(jpe?g|png|gif)$ - [NC,F]
Using FilesMatch you could do this:
Order deny,allow
# first deny all files
<Files *>
deny from all
</Files>
# then allow all image files
<FilesMatch "(?i)\.(jpe?g|png|gif)$">
allow from all
</FilesMatch>

Can I specify a wildcard or regex as a Directory in htaccess?

We have many, many sites, all of which contain a "customer/uploadsfolder". We have to allow uploading, but want to block any GIF files, as well as turn off PHP in the folder as shown below. The question is, do we need one entry for every folder, or can wildcards/regex be used?
<VirtualHost *:80>
<Directory /customer/uploadsfolder>
deny from all
<Files ~ "^\w+\.(gif)$">
order deny,allow
allow from all
</Files>
<IfModule mod_php5.c>
php_flag engine off
</IfModule>
</Directory>
</VirtualHost>
Yes, use LocationMatch (or "Location ~").
<LocationMatch "\/customer\/uploadsfolder\/.*\.(php|gif)">
order allow,deny
deny from all
</LocationMatch>

.htaccess: Deny from all

This is working:
<Files *.fileext>
Order Allow,Deny
Deny from all
</Files>
This is not:
<Files *.fileext|somedirectory>
Order Allow,Deny
Deny from all
</Files>
Please help.
Files does not allow the use of regular expressions, but FilesMatch does, therefore it searches for a file with (something).fileext|somedirectory in the path, and this is not what you want to do. Your code will have to look like this:
<FilesMatch (\.fileext$|^somedirectory$)>
Order Allow,Deny
Deny from all
</FilesMatch>
see http://httpd.apache.org/docs/1.3/mod/core.html#files and http://httpd.apache.org/docs/1.3/mod/core.html#filesmatch
This can be slightly improved.
There is no need for an order directive and the end of string syntax can be used just once.
<FilesMatch (\.fileext|^somedirectory)$>
Deny from all
</FilesMatch>

Merging '<Files>' directives in .htaccess?

My .htaccess file looks like this:
<Files misc>
ForceType application/x-httpd-php
</Files>
<Files computers>
ForceType application/x-httpd-php
</Files>
<Files products>
ForceType application/x-httpd-php
</Files>
...and several more. However, given that the directive is called Files (i.e. plural), it seems like there should be a way to condense these all down to one rule.
How would I do that? I tried a few things like commas and pipes but nothing has worked thus far, when I load the pages it displays all my PHP code!
<Files ~ "^(misc|computers|products)$">
ForceType application/x-httpd-php
</Files>

Resources