I am trying to deny direct access to a subdirectory using .htaccess:
# Deny direct access
<Directory "/cron">
Deny from all
</Directory>
The above code is in the .htaccess file of my public_html directory. The subdirectory I am trying to block is located at public_html/cron.
When I enter an address within the /cron folder directly in the browser, I get a 500 server error instead of a 403. Any idea why?
You can't use <Directory> in .htaccess files.
http://httpd.apache.org/docs/2.2/en/mod/core.html#directory
Context: server config, virtual host
Use in your /cron/.htaccessfile:
deny from all
Related
I want to only provide public access to a single directory (/dist). I have an .htaccess file with the following:
Order deny,allow
Deny from all
<Directory /dist>
Order Allow,Deny
Allow from all
</Directory>
I'm trying to first deny access to all, then overwirte that directive with a allow rule for the /dist directory. However, when I try to access any file through the browser, I get the following:
Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.
Please contact the server administrator at you#example.com to inform them of the time this error occurred, and the actions you performed just before this error.
More information about this error may be available in the server error log.
What am I doing wrong?
As #Anubhava said, Directory dirctive is not allowed in htaccess contex ,this directive is available for use only in Directory context. You can use a RewriteRule to deny access to all except /dist directory :
RewriteEngine on
RewriteRule !dist - [F]
This will forbid all incomming requests except a request for /dist.
I have a .htaccess in root public_html/.htaccess
Order deny,allow
Deny from .cn
I have deny ip from china
however I want lock one of folder admin folder
public_html/admin/
Is that possible to use .htaccess deny from all in specific subfolder
Is that possible to use .htaccess deny from all in specific subfolder
You could use a simple forbidden rule to deny anyone from accessing anything from a specific folder like this:
RewriteRule ^admin/folder - [F]
It would return a error 403 message like this:
Forbidden
You don't have permission to access ADDRESS on this server.
The above would forbidden anyone from accessing anything inside the folder public_html/admin/folder
Or you can simplify and just put an .htaccess on the folder you want to block with the following content:
Order deny,allow
deny from all
Put a .htaccess inside that folder withdeny from all
Hello I don't know much about the .htaccess configuration, but I want to restrict access to php files on my web server and I want to have only index.php with parameters accessible.
My files are in subfolder like: www.mydomain.com/sub/index.php. I want to have access to open that index.php in subfolder, css files and js files.
Here is my configuration I have so far:
Order Deny,Allow
Deny from all
Allow from 127.0.0.1
<Files /index.php>
Order Allow,Deny
Allow from all
</Files>
<FilesMatch "*\.(css|js)$">
Order Allow,Deny
Allow from all
</FilesMatch>
I have tried to do something like <Files sub/index.php> but everytime it restricts all php files in subfolders and www.mydomain.com/index.php works fine.
Can anyone help me with it?
You can move all files except ones needed to be accessible by http (index.php, css, images etc.) out from DocumentRoot directory to upper level, so directory layout looks like this:
/lib
/files
/html
/index.php
/css/
/images/
where /html is your DocumentRoot.
In this case you won't need any additional restrictive rules in .htaccess or VirtualHost configuration/
htaccess may not be the best option to preventing direct access to some of your Php files. Instead, create an access value and set it to some value in the page you wish directed access to and don't set it in other pages otherwise.
$access = 'some value';
if(empty($access)) { header("location:index.php"); die();}
This way other php files will only be accessible via include or require. Hope that helps.
To prevent my Ajax files from direct acccess I did this:
I put all files in a common directory called "ajax" and put this in an .htaccess file in the same folder. This is my directory structure:
/var/www/html/ajax
<Directory "/var/www/html/ajax">
order allow,deny
Deny from all
Allow from 127.0.0.1
</Directory>
But this produces server error 500. .htaccess use is enabled in my server along with mod-rewrite. Please help.
The Directory directive is not allowed in your .htaccess file. see http://httpd.apache.org/docs/2.0/mod/core.html#directory. However, you can achieve the same result by simply placing the code you have in the .haccess in the /var/www/html/ajax directory, without the Directory directive
order allow,deny
Deny from all
Allow from 127.0.0.1
<Directory> is a directive that's not supported in .htaccess files, it's core and vhost specific.
For an .htaccess file, the directive is superfluous and must be omitted, because the directory is implied by the location of the .htaccess file.
Simply remove <Directory> and its closing "tag" and it should work.
I have a website for e.g.
www.domain.com
And I have another subdomain for e.g.
test.domain.com
Both my main and subdomain point to same directory which is public_html.
I want to block access to
test.domain.com/test.jpg
but not
domain.com/test.jpg
Please note that this test.jpg is same file for both main and subdomain as they both point to same directory. So how do I block it for subdomain but not for main domain using .htaccess? Or is there any other way of doing that?
Thanks
An .htaccess file will be used regardless of the virtual host (unless explicitly deactivated using AllowOverride None), therefore you'll have to put:
<Files /full/path/to/test.jpg>
Deny From All
</Files>
in the apache configuration file inside the test.domain.com virtual host configuration.