Develop Reference

How do I hide .txt files from being seen on my website

I have a website which logs the users activity on a text file. But then when I enter www.mywebsite.com/textfile.txt I can clearly see the contents of that txt file. How do I hide this?

Use this rewrite in top of .htaccess file:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule ^textfile\.txt$ - [F,L]
</IfModule>
Or use directive Files:
<Files "textfile.txt">
Order Allow,Deny
Deny from all
</Files>
And for Apache 2.4+, use this:
<Files "textfile.txt">
Require all denied
</Files>

htaccess block everything but index.php and folder public and files in it

I'm kinda new to htaccess, I'm trying to block everything but index.php, the folder public and the files it contain. I have googled around and got this so far. Its kinda working but it looks like the webserver dont have access to the files either. It opens index.php but no css,js or php files are included. I can also go to domain.com/folder/ and get to the index page but its empty i would want it to redirect to index.php if possible. And i also have no clue about how to open the public folder while everything else above is set.
AuthType Basic
order allow,deny
<Files ~ "^(index\.php|)$">
Allow from all
</Files>
<Files .htaccess>
Order Allow,Deny
Deny from all
</Files>
DirectoryIndex index.php

Replace all of your code with this mod_rewrite rule in your site root .htaccess:
DirectoryIndex index.php
RewriteEngine On
RewriteCond %{REQUEST_URI} !^/(?:index\.php$|public/|.+\.(?:jpe?g|gif|png|ico|tiff|css|js)$) [NC]
RewriteRule . - [F]
This rule will block everything except public/ folder, index.php or any other file ending with .css, .js, images etc.

How To Allow Access to Certain File Types but Deny All Others

While I'm confident this has been asked and answered somewhere, my Google and SO searches have not helped me solve what seems like a fairly easy problem.
The goal:
Deny access to ALL file types except images.
Current .htaccess file:
<Files *.*>
Order Deny,Allow
Deny from all
</Files>
<FilesMatch "\.(jpg|png|gif|jpeg|JPG|PNG|GIF|JPEG)$">
Order Deny,Allow
Allow from all
</FilesMatch>
I still cannot (via the browser) access any image files, with a "403 Forbidden" error.
Questions:
1. How do I make this work properly without rewrite rules?
2. Can I combine Files and FilesMatch rules like this?
3. Are the FilesMatch rules case sensitive?

You can easily achieve this via mod_rewrite rules:
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} -f
RewriteRule !\.(jpe?g|png|gif)$ - [NC,F]
Using FilesMatch you could do this:
Order deny,allow
# first deny all files
<Files *>
deny from all
</Files>
# then allow all image files
<FilesMatch "(?i)\.(jpe?g|png|gif)$">
allow from all
</FilesMatch>

clean URL in Drupal7 doesn't work

i'm trying to enable clean URL on my server (Debian squezze) for my Drupal Website .
I tried all of the things i found on the net . So please help me .
The rewrite module is enabled.
On my server , the Drupal's folders got this way : " /var/www/myshop/client/101b". with a symbolic link named "current" . So to access from the brower on my website i have to write an URL like that : "http://myshop.myserv.com"
Here is my .htaccess at the root of my folder "101b":
#
# Apache/PHP/Drupal settings:
#
# Protect files and directories from prying eyes.
<FilesMatch "\.(engine|inc|info|install|make|module|profile|test|po|sh|.*sql|theme|tpl(\.php)?|xtmpl)$|^(\..*|Entries.*|Repository|Root|Tag|Template)$">
Order allow,deny
</FilesMatch>
# Don't show directory listings for URLs which map to a directory.
Options -Indexes
# Follow symbolic links in this directory.
Options +FollowSymLinks
# Make Drupal handle any 404 errors.
ErrorDocument 404 /index.php
# Set the default handler.
DirectoryIndex index.php index.html index.htm
# Override PHP settings that cannot be changed at runtime. See
# sites/default/default.settings.php and drupal_environment_initialize() in
# includes/bootstrap.inc for settings that can be changed at runtime.
# PHP 5, Apache 1 and 2.
<IfModule mod_php5.c>
php_flag magic_quotes_gpc off
php_flag magic_quotes_sybase off
php_flag register_globals off
php_flag session.auto_start off
php_value mbstring.http_input pass
php_value mbstring.http_output pass
php_flag mbstring.encoding_translation off
</IfModule>
# Requires mod_expires to be enabled.
<IfModule mod_expires.c>
# Enable expirations.
ExpiresActive On
# Cache all files for 2 weeks after access (A).
ExpiresDefault A1209600
<FilesMatch \.php$>
# Do not allow PHP scripts to be cached unless they explicitly send cache
# headers themselves. Otherwise all scripts would have to overwrite the
# headers set by mod_expires if they want another caching behavior. This may
# fail if an error occurs early in the bootstrap process, and it may cause
# problems if a non-Drupal PHP file is installed in a subdirectory.
ExpiresActive Off
</FilesMatch>
</IfModule>
# Various rewrite rules.
<IfModule mod_rewrite.c>
RewriteEngine on
Options All
# Block access to "hidden" directories whose names begin with a period. This
# includes directories used by version control systems such as Subversion or
# Git to store control files. Files whose names begin with a period, as well
# as the control files used by CVS, are protected by the FilesMatch directive
# above.
#
# NOTE: This only works when mod_rewrite is loaded. Without mod_rewrite, it is
# not possible to block access to entire directories from .htaccess, because
# <DirectoryMatch> is not allowed here.
#
# If you do not have mod_rewrite installed, you should remove these
# directories from your webroot or otherwise protect them from being
# downloaded.
RewriteRule "(^|/)\." - [F]
# If your site can be accessed both with and without the 'www.' prefix, you
# can use one of the following settings to redirect users to your preferred
# URL, either WITH or WITHOUT the 'www.' prefix. Choose ONLY one option:
#
# To redirect all users to access the site WITH the 'www.' prefix,
# (http://example.com/... will be redirected to http://www.example.com/...)
# uncomment the following:
# RewriteCond %{HTTP_HOST} !^www\. [NC]
# RewriteRule ^ http://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
#
# To redirect all users to access the site WITHOUT the 'www.' prefix,
# (http://www.example.com/... will be redirected to http://example.com/...)
# uncomment the following:
# RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
# RewriteRule ^ http://%1%{REQUEST_URI} [L,R=301]
# Modify the RewriteBase if you are using Drupal in a subdirectory or in a
# VirtualDocumentRoot and the rewrite rules are not working properly.
# For example if your site is at http://example.com/drupal uncomment and
# modify the following line:
RewriteBase /myshop/client/101b
#
# If your site is running in a VirtualDocumentRoot at http://example.com/,
# uncomment the following line:
# RewriteBase /
# Pass all requests not referring directly to files in the filesystem to
# index.php. Clean URLs are handled in drupal_environment_initialize().
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !=/favicon.ico
RewriteRule ^ index.php [L]
# Rules to correctly serve gzip compressed CSS and JS files.
# Requires both mod_rewrite and mod_headers to be enabled.
<IfModule mod_headers.c>
# Serve gzip compressed CSS files if they exist and the client accepts gzip.
RewriteCond %{HTTP:Accept-encoding} gzip
RewriteCond %{REQUEST_FILENAME}\.gz -s
RewriteRule ^(.*)\.css $1\.css\.gz [QSA]
# Serve gzip compressed JS files if they exist and the client accepts gzip.
RewriteCond %{HTTP:Accept-encoding} gzip
RewriteCond %{REQUEST_FILENAME}\.gz -s
RewriteRule ^(.*)\.js $1\.js\.gz [QSA]
# Serve correct content types, and prevent mod_deflate double gzip.
RewriteRule \.css\.gz$ - [T=text/css,E=no-gzip:1]
RewriteRule \.js\.gz$ - [T=text/javascript,E=no-gzip:1]
<FilesMatch "(\.js\.gz|\.css\.gz)$">
# Serve correct encoding type.
Header set Content-Encoding gzip
# Force proxies to cache gzipped & non-gzipped css/js files separately.
Header append Vary Accept-Encoding
</FilesMatch>
</IfModule>
</IfModule>
and here this my 000-default file in "etc/apache2/site-enabled/ : "
<VirtualHost *:80>
ServerAdmin webmaster#localhost
DocumentRoot /var/www/myshop/client/current
<Directory />
Options FollowSymLinks
AllowOverride All
</Directory>
<Directory /var/www/myshop/client/current/>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
</Directory>
Alias /admin/ /var/www/myshop/backoffice/current/
<Directory /var/www/myshop/backoffice/current/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
But when i want to enable clean URL the test always fail.
Anyone have an idea ?
Thanks for help .

You should use 'RewriteBase /' instead of 'RewriteBase /myshop/client/101b' because virtual host is pointing to folder which contains Drupal site.
Please also check version of Apache you're using. Newest versions of Apache web-server require some changes in host's definition. You should use 'Require all granted' instead of 'Allow from All'. See example which works for me:
<VirtualHost *:80>
ServerName drupal7
ServerAlias drupal7 www.drupal7
DocumentRoot /home/vlad/www/public_html/drupal7
<Directory /home/vlad/www/public_html/drupal7/>
Options FollowSymLinks
AllowOverride All
Require all granted
</Directory>
</VirtualHost>
Please take a look at answers here: Unable to enable Clean URLs in drupal 7 website after migration

Codeigniter doesn't work without index.php

I'm using MAMP with alias named works.
Codeigniter is at localhost/works/project/web
controllers doesn't work without index.php before them (localhost/works/project/web/index.php/auth/register)
$config['base_url'] = 'localhost/works/project/web/'; //with http://
$config['index_page'] = '';
$config['uri_protocol'] = 'AUTO';
(I tried all of them for uri_protocol)
I created and edit .htaccess file at /User/me/works/project/web/
I tired all the .htaccess files about this issue.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /Users/me/works/project/web
#Removes access to the system folder by users.
#Additionally this will allow you to create a System.php controller,
#previously this would not have been possible.
#‘system’ can be replaced if you have renamed your system folder.
RewriteCond %{REQUEST_URI} ^system.*
RewriteRule ^(.*)$ /index.php/$1 [L]
#Checks to see if the user is attempting to access a valid file,
#such as an image or css document, if this isn’t true it sends the
#request to index.php
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
#This last condition enables access to the images and css folders, and the robots.txt file
#Submitted by Michael Radlmaier (mradlmaier)
RewriteCond $1 !^(index\.php|images|robots\.txt|css)
RewriteRule ^(.*)$ index.php/$1 [L]
</IfModule>
<IfModule !mod_rewrite.c>
# If we don’t have mod_rewrite installed, all 404’s
# can be sent to index.php, and everything works as normal.
# Submitted by: ElliotHaughin
ErrorDocument 404 /index.php
</IfModule>
creates error, which is:
[error] [client ::1] File does not exist: /Users/me/works/project/web/auth
it is same when I use RewriteBase /
mod_rewrite is active in phpInfo.
I couldn't find the solution.

Your RewriteBase is wrong. It should not be the relative file path for your server, it should be the relative URL path for your rewrite rules and such. More info here.
If you've ever used HTML's <base> tag, it's pretty much the same principle. If your main localhost URL is http://localhost, and your project is in the subfolder http://localhost/my-project, then you would use RewriteBase /my-project/.
If you didn't use RewriteBase, and your project is in a subfolder, you'd have to add the subfolder to every one of your URLs and rewrites, like this:
RewriteRule ^(.*)$ /my-project/index.php/$1 [L]
Food for thought:
Start your .htaccess files as simple as possible. The more you throw at it right away, the more that can go wrong, and the harder it is to debug. Especially if you're a noob to .htaccess files. Don't blindly copy and paste -- figure out what things actually do.
The system folder access part is redundant now -- the system folder has its own .htaccess to restrict requests, just like the application folder.

1.Make below changes in application/config.php file
$config['base_url'] = 'http://'.$_SERVER['SERVER_NAME'].'/Your Ci folder_name';
$config['index_page'] = '';
$config['uri_protocol'] = 'AUTO';
2.use this in .htaccess file:
RewriteEngine on
RewriteCond $1 !^(index\.php|resources|robots\.txt)
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php/$1 [L,QSA]
and enable rewrite mode using below command
a2enmod rewrite
and Edit the file /etc/apache2/sites-enabled/000-default
change the AllowOverride None to AllowOverride All.
and finally Restart your server

You certainly don't have mod_rewrite on or you did not install it with MAMP
Open your httpd config file and change
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
# Options FileInfo AuthConfig Limit
#
AllowOverride None
To
AllowOverride All
uncomment this line:
#LoadModule rewrite_module libexec/apache2/mod_rewrite.so
Also make some changes to users here: /etc/apache2/users/username.conf
LoadModule php5_module libexec/apache2/libphp5.so
DocumentRoot "/Users/username/where/ever/you/like"
<Directory "/Users/username/where/ever/you/like">
Options Indexes MultiViews +FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
</Directory>
Get more info here http://adam.merrifield.ca/2010/08/09/apache-mod_rewrite-php-and-os-x-10-6-snow-leopard/
Restart MAMP
To find out if mod_rewrite is on, follow this answer in Stackoverflow:
How to check if mod_rewrite is enabled in php?
Just to be sure your .htaccess is not the issue, could you try this one. It's been tested:
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteBase /Users/me/works/project/web/
# If the start of the URL doesn't match one of these...
RewriteCond $1 !^(index\.php|robots\.txt|assets|cache|themes|uploads|css|images|js)
# Route through index.php
RewriteRule ^(.*)$ index.php/$1 [L]
</IfModule>
Access to certain folders are granted above and the rewritebase has a trailing slash.
Make sure you have any other nested .htaccess overriding this very one.

I fixed the problem by instead of using .htacces, I write them to httpd.conf.
I checked the AllowOverride is All but I'm not sure why .htaccess isn't working. Because of I lost too much time with this issue, I'm going to use this way.
Thanks for the answers.

Use AllowOverride All on your vhost:
<Directory "/path/to/your/site">
....
AllowOverride All
</Directory>

Open your httpd config file
LoadModule rewrite_module modules/mod_rewrite.so then AllowOverride All
<Directory "C:/xampp/htdocs"> //example for xampp
Options Indexes FollowSymLinks Includes ExecCGI
AllowOverride All
Order allow,deny
Allow from all
</Directory>

I have installed codeigniter in a url like the format: http://11.12.34.45/~project/
I tried different suggestions and finally this following url provided the solution:
https://ellislab.com/expressionengine/user-guide/urls/remove_index.php.html

You need to change two files of Apache,
httpd.conf
httpd-vhosts.conf
change this in httpd.conf
<Files ".ht*">
Require all denied
</Files>
to,
<Files ".ht*">
Require all granted
</Files>
and add below code in httpd-vhosts.conf,
<VirtualHost *:8000>
ServerName localhost
DocumentRoot c:/wamp64/www
<Directory "c:/wamp64/www/">
Options +Indexes +Includes +FollowSymLinks +MultiViews
AllowOverride All
Allow from all
</Directory>
</VirtualHost>