Deny access to a folder using .htaccess from web - .htaccess

I want to deny access to a folder from web using .htaccess, but I want give access to this folder inside the system.
I used deny from all in .htaccess file, it prevent the full access to the folder but I can't access the folder inside the system.
Thanks in advance

You could use allow and specify the adress to be allowed
Allow from 127.0.0.1

Related

How to whitelist access on certain files to certain subdomains in .htaccess

I have a subdomain that uses file_get_contents in php, and I need that to access an otherwise restricted file. In my .htaccess I have
<Files "file.txt">
Order Allow,Deny
Allow from subdomain.site.com
Deny from all
</Files>
The main problem I have here is that it doesn't unblock access from subdomain.site.com. I can't access the subdomain via url path because of site isolation set in place by my hosting provider.
The tutorial I have found says that you can whitelist certain websites to access this file. But, for some reason even following their syntax, it for some reason won't whitelist that site.
Tutorial:
https://www.askapache.com/htaccess/#developing_sites

How to limit get access to only a few folders within the same parent folder using htaccess?

I currently have the following folder structure.
/downloads/
—/contracts/
—/user_images/
—/passports/
—/applications/
.htaccess
What I would like to achieve is to restrict GET LIMIT on the contracts and passports folders while user_images and applications folders are fully accessible.
.htaccess
<Limit GET>
order allow, deny
deny from all
</Limit>
My .htaccess file is restricting all access with the downloads folder. Can anyone advise how I can access only the user_images and applicationsfolders and its content while the rest of the folders are restricted?

deny access to directory listing using htaccess

I want to deny access to particular directory to show list of files in it in the browser. For example, If I go to the url, localhost/myproject/assets, it will show all the list of files in it, I want to deny that. And also if logged in user access specific file in it, for ex : localhost/myproject/assets/uploads/img/1.jpg then it should be accessible.
Also how to deny access to a localhost/myproject/assets/uploads/img/1.jpg if that 1.jpg is uploaded by some other user.
I'm new to laravel ,Any help is much appreciated. thanks
You could add the following to the .htaccess file in the folder. This might help.
Options -Indexes
You cannot deny the access to the jpg uploaded by another user.
If you are using Apache, you can place a .htaccess file in the folder you want to block. Then you can use deny from all to block all requests to that folder.
This works because a .htaccess file can be in every directory in your web root, and only cares about the directory it is in and its subdirectories.
See this answer.

How do I provide a local download link to files denied by htaccess

Users who log in to an admin area of a website need to be able to download files that have been previously uploaded by other admins. Public access to these files is not allowed.
The files are held in a directory called uploaded-files and there is a .htaccess in that folder:
<FilesMatch "\.(pdf|doc|docx|ods|xls|xlsx|ppt)$">
Order deny,allow
Deny from all
Allow from localhost
</FilesMatch>
That seems to work ok.. The public can't link to the files. The trouble is that the logged in admins can't link to them either because:
<a href"uploaded-files/abc.pdf">download</a>
gives a 403 forbidden when clicked. So it seems php/html files on the server can't access the files either.
What am I doing wrong? Surely there is an easy way to allow people on the server to download files via a link but still deny access to public?
I've tried keeping the files outside the public_html but I can't provide a link to that location either :(
You should keep these files outside your DOCUMENT_ROOT.
Download links should be via a PHP file e.g. <a href"http://domain.com/download-files.php?file=abc.pdf">download abc.pdf</a>
php code can check for auth part and allowed host etc. If all validations pass then return content of PDF with proper CONTENT type to the browser.

Prevent user from accessing the uploaded file

I have a module which enable user to upload photos to a certain path like
domain/media/img/uploadedFiles/
I would like to user can upload photo to this location but he cannot reach the uploaded photo by writing
domain.com/media/img/uploadedFiles/filename
I have achieved not to list the files in that path by using .htaccess file but If user knows the name of the uploaded file he can still reach that file.
Thanks
Assuming you're using Apache, you can block access to files in .htaccess too. For example:
<Files private.html>
Order allow,deny
Deny from all
</Files>
To prevent users from accessing any files in the directory, try putting an .htaccess file containing this inside the directory, which sets the default state to deny:
Order Allow,Deny
For more examples of specifying what resources you want to protect, see http://httpd.apache.org/docs/2.2/sections.html
See http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html for more information on access control with Apache.

Resources