I am trying to deny everyone to download anything inside the "attachment" directory.
My website structure is:
public_html
-img
-css
-root
--attachment
---(numeric id)
----(files)
-js
What I am trying to do is, to deny access to root/attachment//
I tried many things, but I don't know why, I cannot get it working, my last tried was:
.htaccess - on main directory.
<FilesMatch "root/attachment/.*/.*">
Order Allow,Deny
Deny from all
</FilesMatch>
Any ideas?
Thank you very much :)
FilesMatch doesn't work with directories.
Create a new .htaccess inside root/attachment/ as
<FilesMatch ".*">
Order Allow,Deny
Deny from All
</FilesMatch>
Redirect rules specified in a parent directory .htaccess apply to its sub-directories as well. In case, these access rules do not work the same way, just move the .htaccess directly into files directory.
Create a new htaccess file /root/attackment/.htaccess and add the following lines
Order Allow,Deny
Deny from all
Related
I have files which contain important settings(MySQL password etc...), and jQuery scripts. I don't want them to be accessed(over link, eg. link.com/scripts/jquery_script.js). I made something but that code don't work. Code is in .htaccess file. .htaccess file is in root. I put echo in settings.php file, and I can see it.
<files scripts/settings.php>
order allow,deny
deny from all
</files>
Files directive doesn't take full path.
Use this directive in /scripts/.htaccess (create it if it doesn't exist):
<files settings.php>
order allow,deny
deny from all
</files>
I'm trying to "exclude" a directory (and all it's folder) from the rules in .htaccess file...
Not sure if that's possible?
The .htaccess file is like this:
Order Allow,Deny
Deny from all
<Files ~ "\.(css|jpe?g|png|ico|gif|js)$">
Allow from all
</Files>
<Files "show.php">
allow from 127.0.0.1
</files>
Now, I want to exclude an entire sub-directory...
from these rules...
i.e. Allow from all (for all file extensions in directory "SHOW-STR")
The only way now, is to do it file by file ... but I wonder if there's a way to exclude a sub-directory?
Create an htaccess file in your SHOW-STR directory with this:
Order Allow,Deny
Allow from all
I have one website (www.mysite.com) that I have on a temporary redirect to another folder (www.mysite.com/tempfolder/index.php). I also host another site in the root folder of www.mysite.com called www.subsite.com. It has it's own URL, but I can't figure out how to make that entire sub-folder exempt from the redirect! Any ideas? Here is what my .htaccess file looks like right now (which is perfectly redirecting everything to the temporary landing page).
<Limit GET POST PUT>
order deny,allow
deny from all
allow from ***
allow from ****
allow from *****
</LIMIT>
ErrorDocument 403 http://www.mysite.com.com/tempfolder/index.php
<filesMatch ".(htm|html|php|css|js|php|gif|jpg|db|png)$">
order allow,deny
allow from all
</FilesMatch>
Any ideas? thanks all!
try putting an .htaccess file in the subfolder that does not contain the redirection rules. That should work just fine -- it can even be a blank file.
Hello I don't know much about the .htaccess configuration, but I want to restrict access to php files on my web server and I want to have only index.php with parameters accessible.
My files are in subfolder like: www.mydomain.com/sub/index.php. I want to have access to open that index.php in subfolder, css files and js files.
Here is my configuration I have so far:
Order Deny,Allow
Deny from all
Allow from 127.0.0.1
<Files /index.php>
Order Allow,Deny
Allow from all
</Files>
<FilesMatch "*\.(css|js)$">
Order Allow,Deny
Allow from all
</FilesMatch>
I have tried to do something like <Files sub/index.php> but everytime it restricts all php files in subfolders and www.mydomain.com/index.php works fine.
Can anyone help me with it?
You can move all files except ones needed to be accessible by http (index.php, css, images etc.) out from DocumentRoot directory to upper level, so directory layout looks like this:
/lib
/files
/html
/index.php
/css/
/images/
where /html is your DocumentRoot.
In this case you won't need any additional restrictive rules in .htaccess or VirtualHost configuration/
htaccess may not be the best option to preventing direct access to some of your Php files. Instead, create an access value and set it to some value in the page you wish directed access to and don't set it in other pages otherwise.
$access = 'some value';
if(empty($access)) { header("location:index.php"); die();}
This way other php files will only be accessible via include or require. Hope that helps.
Consider these files structures on web root directory :
files/1/1.jpg
files/1/2.jpg
files/2/1.jpg
files/2/3.jpg
files/3/6.jpg
files/3/8.jpg
files/4/1.jpg
I want to deny access to files inside folder 2 and 3 using htaccess file that exists in web root directory. I try but nothing happend. Here's the code I used:
<FilesMatch "(2|3)\/*$" >
Order deny,allow
Deny from all
</FilesMatch>
Would you correct my mistake?
Thank you.
If your htaccess file is in your web root, and the files directory is also in the web root, you won't be able to match against files in another (sub)directory. You can either try putting the <FilesMatch> in an htaccess file in the files directory, or you can use mod_rewrite in the htaccess file in your web root:
RewriteEngine On
RewriteRule ^files/(2|3)/ - [F,L]
For optimal performance using htaccess, you should create a .htaccess file in each of the directories you want to protect:
Order deny,allow
Deny from all