How do i deny access to a directory on my webserver - .htaccess

Im trying to deny access to a directory on my webserver but allow access to a certain URL like this. Deny access to www.mydomain.com/admin but allow access to www.mydomain.com/admin/webmailogin.
I need some help. Is it possible to do this with a .htaccess file?

You can add this rule in /admin/.htaccess:
RewriteEngine On
RewriteBase /admin/
RewriteRule ^$ - [F]

Related

how to restrict access to a file in .htaccess to a particular domain

I want to restrict access to a file "test.txt" with .htaccess
The problem, I'm on a multisite and I want only one domain to access to the file eg. mydomain.com/test.txt
When other domain trying to access, it should denied them: otherdomain.com/test.txt
Multisite is sharing the same files but different db.
<Files "test.txt">
Order deny,allow
deny from all
allow from mydomain.com
</Files>
You may use this deny rewrite rule instead of allow/deny:
RewriteEngine On
RewriteCond %{HTTP_HOST} !^(?:www\.)?mydomain\.com$ [NC]
RewriteRule ^test\.txt$ - [NC,F]

How to deny access to a folder with .htacces and openlitespeed

How do I enable deny for a folder through htaccess with openlitespeed? I tried
RedirectMatch 403 ^/folder/?$
and
Deny from all
But it didn't work, I still access the folder even after restart openlitespeed
Could you please try following in your htaccess file. This will forbid any URL whose uri starts with folder.
RewriteEngine ON
RewriteRule ^folder - [F,L]

deny access to index.php but allow index.php?var=val

I wonder if I can deny accessing http://domain.tld/index.php and allow only http://domain.tld/index.php?var=val
Is this possible with a rewritecond and rewriterule? I cannot figure this out. Any help?
Thanks!
Yes it is possible. The trick to use a condition to check the query string, using this in your docroot .htaccess file which allows you to forbid access to index.php unless the variable var is set:
RewriteEngine On
RewriteBase /
RewriteCond %{QUERY_STRING} !\bvar=
RewriteRule index.php - [F]
Does it have to be a rewrite rule? If it's a PHP script, you could detect the absence of the required parameters and just return an appropriate HTTP header to deny access.

Restrict / Block Directory Based on IP Address

Trying to block directory access from everyone except 1 IP address. This .htaccess code blocks access but it blocks access to everything including images, css, etc. What do I need to change?
RewriteCond %{REMOTE_ADDR} !^XX\.XXX\.XX\.XXX$
RewriteRule ^hidedirectory(.*)$ http://site.com/ [R,L]
Anyone accessing mysite.com/hidedirectory except me should redirect to mysite.com. Is there a better, more secure way to do this including something like an http response code?
Better way is to do this in your .conf file:
<Directory /hidedirectory>
options -Indexes
Order Deny,Allow
Deny from all
Allow from XX.XXX.XX.XXX
</Directory>
This will deny everythig like your rewrite rules.
But since you want to allow access to images/css etc...
RewriteCond %{REMOTE_ADDR} !^XX\.XXX\.XX\.XXX$
RewriteCond %{REQUEST_URI} !\.(?:jpe?g|png|gif|css)$ [NC]
RewriteRule ^hidedirectory(.*)$ http://site.com/ [R,L]
Add any other extensions into (?:jpe?g|png|gif|css) suffixed by a |(or).

.htaccess allow script access within my domain

I am looking for the specific .htaccess command that will allow me to deny http access from everyone BUT my scripts.
I have a script that runs out of the root directory that goes and fetches all of the .jpg's out of a given protected directory with the following .htaccess file
<files *.jpg>
order allow, deny
deny from all
</files>
I was thinking something similar to this might work
<files *.jpg>
order allow, deny
deny from all
allow from rootUrl.com
</files>
Your first example should work, since scripts don't make any HTTP requests.
Edit: Unless, your script for some strange reason makes HTTP requests to its own server, which I really don't think it does. Nor should it.
Edit again: Since your script is outputting img elements pointing to the protected files, you have to let all visitors access the files. There is no work-around. You could however stop hotlinking by using .htaccess like this:
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://(.+\.)?yoursite\.com/ [NC]
RewriteCond %{HTTP_REFERER} !^$
RewriteRule .*\.(jpe?g|gif|bmp|png)$ [F]

Resources