htaccess Deny from all not working - .htaccess

Trying to deny access to a specific subfolder on a site.
I put an htaccess file in the subfolder with the following text:
Deny from all
But it has no effect. I also tried:
Order deny,allow
Deny from all
Wondering if there's some configuration I have to change?
I use GoDaddy for hosting.
Any help is appreciated.

Related

How to get htaccess to deny acess to a single I.P. on openshift?

I want .htaccess to selectively ignore some I.P. addresses.
I'm pushing the .htaccess file to http://modeldoc-treaties.rhcloud.com/wiki/extensions/log/ip.txt
I know that the .htaccess is being read because when it includes
deny from all
then I get the message "Forbidden".
But when I change the .htaccess file to say
deny from <my current I.P from whatsmyip>
then I'm not denied access.
Edit: after shooper's suggestion I tried (to allow just me)
Order Deny,Allow
deny from all
allow from <my.ip>
which blocks me, and also (to deny just me)
Order Allow,Deny
allow from all
deny fro <my.ip>
which allows me. So I guess the problem is I don't know what my i.p. actually is once it gets forwarded on openshift.
OpenShift has a reverse proxy in front of your application, so the ip that shows up to your .htaccess file is not the users real ip, it is stored in the x-forwarded-for header.
I think you probably need the "Order" directive as seen at http://httpd.apache.org/docs/2.2/howto/access.html.
Order deny,allow
Deny from <your current I.P. address>
Allow from all

htaccess deny from all in specific subfolder

I have a .htaccess in root public_html/.htaccess
Order deny,allow
Deny from .cn
I have deny ip from china
however I want lock one of folder admin folder
public_html/admin/
Is that possible to use .htaccess deny from all in specific subfolder
Is that possible to use .htaccess deny from all in specific subfolder
You could use a simple forbidden rule to deny anyone from accessing anything from a specific folder like this:
RewriteRule ^admin/folder - [F]
It would return a error 403 message like this:
Forbidden
You don't have permission to access ADDRESS on this server.
The above would forbidden anyone from accessing anything inside the folder public_html/admin/folder
Or you can simplify and just put an .htaccess on the folder you want to block with the following content:
Order deny,allow
deny from all
Put a .htaccess inside that folder withdeny from all

.htaccess, deny to download files within a directory

I am trying to deny everyone to download anything inside the "attachment" directory.
My website structure is:
public_html
-img
-css
-root
--attachment
---(numeric id)
----(files)
-js
What I am trying to do is, to deny access to root/attachment//
I tried many things, but I don't know why, I cannot get it working, my last tried was:
.htaccess - on main directory.
<FilesMatch "root/attachment/.*/.*">
Order Allow,Deny
Deny from all
</FilesMatch>
Any ideas?
Thank you very much :)
FilesMatch doesn't work with directories.
Create a new .htaccess inside root/attachment/ as
<FilesMatch ".*">
Order Allow,Deny
Deny from All
</FilesMatch>
Redirect rules specified in a parent directory .htaccess apply to its sub-directories as well. In case, these access rules do not work the same way, just move the .htaccess directly into files directory.
Create a new htaccess file /root/attackment/.htaccess and add the following lines
Order Allow,Deny
Deny from all

How to keep certain files exempt from .htaccess redirect?

I have one website (www.mysite.com) that I have on a temporary redirect to another folder (www.mysite.com/tempfolder/index.php). I also host another site in the root folder of www.mysite.com called www.subsite.com. It has it's own URL, but I can't figure out how to make that entire sub-folder exempt from the redirect! Any ideas? Here is what my .htaccess file looks like right now (which is perfectly redirecting everything to the temporary landing page).
<Limit GET POST PUT>
order deny,allow
deny from all
allow from ***
allow from ****
allow from *****
</LIMIT>
ErrorDocument 403 http://www.mysite.com.com/tempfolder/index.php
<filesMatch ".(htm|html|php|css|js|php|gif|jpg|db|png)$">
order allow,deny
allow from all
</FilesMatch>
Any ideas? thanks all!
try putting an .htaccess file in the subfolder that does not contain the redirection rules. That should work just fine -- it can even be a blank file.

Configuring .htaccess for subdirectories

Hello I don't know much about the .htaccess configuration, but I want to restrict access to php files on my web server and I want to have only index.php with parameters accessible.
My files are in subfolder like: www.mydomain.com/sub/index.php. I want to have access to open that index.php in subfolder, css files and js files.
Here is my configuration I have so far:
Order Deny,Allow
Deny from all
Allow from 127.0.0.1
<Files /index.php>
Order Allow,Deny
Allow from all
</Files>
<FilesMatch "*\.(css|js)$">
Order Allow,Deny
Allow from all
</FilesMatch>
I have tried to do something like <Files sub/index.php> but everytime it restricts all php files in subfolders and www.mydomain.com/index.php works fine.
Can anyone help me with it?
You can move all files except ones needed to be accessible by http (index.php, css, images etc.) out from DocumentRoot directory to upper level, so directory layout looks like this:
/lib
/files
/html
/index.php
/css/
/images/
where /html is your DocumentRoot.
In this case you won't need any additional restrictive rules in .htaccess or VirtualHost configuration/
htaccess may not be the best option to preventing direct access to some of your Php files. Instead, create an access value and set it to some value in the page you wish directed access to and don't set it in other pages otherwise.
$access = 'some value';
if(empty($access)) { header("location:index.php"); die();}
This way other php files will only be accessible via include or require. Hope that helps.

Resources