Deny access permissions - apache, linux - linux

How can I deny access permission to an entire folder except one file?
For example, my DocumentRoot is "/var/www/html" and there I have a folder called example. In there, there are many files and one of them is index.php. So I want to give access permission only to this file, and deny access permissions to the other files in that folder.

did you try something like this into your apache configuration (server httpd.conf or .htaccess file) ?
<Directory "/var/www/html/example">
<FilesMatch index.php*>
Order allow,deny
Allow from all
</FilesMatch>
Order deny,allow
Deny from all
</Directory>

Related

Forbidden access to custom files

I have files which contain important settings(MySQL password etc...), and jQuery scripts. I don't want them to be accessed(over link, eg. link.com/scripts/jquery_script.js). I made something but that code don't work. Code is in .htaccess file. .htaccess file is in root. I put echo in settings.php file, and I can see it.
<files scripts/settings.php>
order allow,deny
deny from all
</files>
Files directive doesn't take full path.
Use this directive in /scripts/.htaccess (create it if it doesn't exist):
<files settings.php>
order allow,deny
deny from all
</files>

htaccess visible by Web clients

I just discovered my .htaccess file is publicly visible from web clients (e.g. site/.htaccess ).
I'm running Apache/2.2.22 with mod_fcgid.
htaccess is working, if I put garbage in it I get Internal Server Error.
It seems these lines inside apache2.conf are ignored:
<Files ~ "^\.ht">
Order allow,deny
Deny from all
Satisfy all
</Files>
Any hint?
Update
Inside conf.d directory there's a configuration file blocking some spambots and some ip ranges.
<Location />
Order allow,deny
Allow from all
# Forum Spambots
deny from IP-RANGE
deny from env=bad_bot
</Location>
How can I still block .htaccess and .htpasswd from being visible from web clients?

Accessing special files in apache2

i want to know how to have access some files in special directory which is need to be authenticate with apache web server
this is my config file
<Directory /var/www/media>
Order deny,allow
AuthType Basic
AuthName "Restricted Files"
AuthUserFile htpasswd
Require user ABC
Options +Indexes
</Directory>
inside the media folder i have folder named temp and inside temp there are some pdf files
i want to access them without entering password
or access from url like this "www.example.com/media/temp/abc.pdf"
Inside /var/www/media/temp/.htaccess have these 2 lines:
Satisfy Any
Allow from all
This will disable Basic Auth for whole /var/www/media/temp/ directory and all files under it. However if you want to disable only for /var/www/media/temp/*.pdf files then you need more code using mod_setenvif as this:
SetEnvIfNoCase Request_URI \.pdf$ NO_AUTH
Satisfy any
Order deny,allow
Deny from all
Allow from env=NO_AUTH
Just define new rules for subfolder:
<Directory /var/www/media/temp>
Order allow,deny
Satisfy Any
Allow from all
</Directory>

How to deny access to a file in .htaccess

I have the following .htaccess file:
RewriteEngine On
RewriteBase /
# Protect the htaccess file
<Files .htaccess>
Order Allow,Deny
Deny from all
</Files>
# Protect log.txt
<Files ./inscription/log.txt>
Order Allow,Deny
Deny from all
</Files>
# Disable directory browsing
Options All -Indexes
I am trying to forbid visitors to access the following file:
domain.example/inscription/log.txt
but what I have above does not work: I can still access the file from the browser remotely.
Within an htaccess file, the scope of the <Files> directive only applies to that directory (I guess to avoid confusion when rules/directives in the htaccess of subdirectories get applied superceding ones from the parent).
So you can have:
<Files "log.txt">
Order Allow,Deny
Deny from all
</Files>
For Apache 2.4+, you'd use:
<Files "log.txt">
Require all denied
</Files>
In an htaccess file in your inscription directory. Or you can use mod_rewrite to sort of handle both cases deny access to htaccess file as well as log.txt:
RewriteRule /?\.htaccess$ - [F,L]
RewriteRule ^/?inscription/log\.txt$ - [F,L]
Strong pattern matching — This is the method that I use here at Perishable Press. Using strong pattern matching, this technique prevents external access to any file containing “.hta”, “.HTA”, or any case-insensitive combination thereof. To illustrate, this code will prevent access through any of the following requests:
.htaccess
.HTACCESS
.hTaCcEsS
testFILE.htaccess
filename.HTACCESS
FILEROOT.hTaCcEsS
..etc., etc. Clearly, this method is highly effective at securing your site’s HTAccess files. Further, this technique also includes the fortifying “Satisfy All” directive. Note that this code should be placed in your domain’s root HTAccess file:
# STRONG HTACCESS PROTECTION
<Files ~ "^.*\.([Hh][Tt][Aa])">
order allow,deny
deny from all
satisfy all
</Files>
I don't believe the currently accepted answer is correct. For example, I have the following .htaccess file in the root of a virtual server (apache 2.4):
<Files "reminder.php">
require all denied
require host localhost
require ip 127.0.0.1
require ip xxx.yyy.zzz.aaa
</Files>
This prevents external access to reminder.php which is in a subdirectory.
I have a similar .htaccess file on my Apache 2.2 server with the same effect:
<Files "reminder.php">
Order Deny,Allow
Deny from all
Allow from localhost
Allow from 127.0.0.1
Allow from xxx.yyy.zzz.aaa
</Files>
I don't know for sure but I suspect it's the attempt to define the subdirectory specifically in the .htaccess file, viz <Files ./inscription/log.txt> which is causing it to fail. It would be simpler to put the .htaccess file in the same directory as log.txt i.e. in the inscription directory and it will work there.
Place the below line in your .htaccess file and replace the file name as you wish
RewriteRule ^(test\.php) - [F,L,NC]
Well you could use the <Directory> tag
for example:
<Directory /inscription>
<Files log.txt>
Order allow,deny
Deny from all
</Files>
</Directory>
Do not use ./ because if you just use / it looks at the root directory of your site.
For a more detailed example visit http://httpd.apache.org/docs/2.2/sections.html

Apache - How to deny directory but allow one file in that directory

I try to configure my Apache .conf file to deny listing from a certain category, but I want to allow a specific file inside this category.
It appears that the Directory rule is "stronger" than the Files rule, so when using both - I can't access that certain file.
This is what I try:
<Directory /var/www/denied_directory>
order deny,allow
Deny From All
</Directory>
<Files safefile.php>
Order Allow,Deny
Allow from All
</Files>
It works perfectly if it is configured properly:
<Directory /var/www/denied_directory>
Order allow,deny
<Files test.php>
Order deny,allow
</Files>
</Directory>
In Apache 2.4, with an additional test on an environment variable for good measure:
See also: Require Directive
<Directory "/wikis/foswiki">
Require all denied
# Allow access to toplevel files ending in .html (in particular index.html) only
# (comment out if you don't care for this)
<Files ~ "\.html$">
<RequireAll>
Require all granted
Require not env blockAccess
</RequireAll>
</Files>
</Directory>
put your files directive inside your directory directive.
To allow a specific file when access is restricted by HTTP password. Be careful, password protection is defined on filesystem basis and specific allowed files are defined by URI. Updated for Apache 2.4.
<Directory /path/to/directory/>
AuthName SecureArea
AuthType Basic
AuthUserFile /path/to/passwd-file
Require user my-user
SetEnvIf Request_URI "path/to/uri-allowed-1.php" allowedURL
SetEnvIf Request_URI "path/to/uri-allowed-2.php" allowedURL
Require env allowedURL
</Directory>
There is a missing line in #acond's answer. I think it needs Allow:
<Directory /var/www/denied_directory>
order deny,allow
Deny from All
<Files safefile.php>
order deny,allow
Allow from All
</Files>
</Directory>
Since there is only one rule in each directive, I suspect the order lines may be irrelevant. Although maybe the outermost one is required, because there is more than one rule nested. (I'm new to apache configuration)
Create an .htaccess file in the directory (folder) and use the block below:
order deny,allow
deny from all
<Files safefile.php>
allow from all
</Files>
This will allow ../safefile.php file but ../.
If you want to allow ../ (for instance you need to have ../index.php), then you should do this:
order deny,allow
deny from all
<FilesMatch ^(index\.php)?$>
allow from all
</FilesMatch>

Resources