I have a private folder that contains all of the private scripts and resources that I use for my website. I'm using .htaccess in the private folder to
deny from all
which works successfully, giving a 403. However, index.php uses javascripts and css from the private folder which means it's also getting restricted. How do I fix this?
You need to move the JavaScript and CSS files to a public directory so that users can download them so that they can view the web page correctly. If you want, you can disable browsing of the public directory by adding a .htaccess file in that directory with the following content:
Options -Indexes
Related
I have a "site" setup to allow myself some "public" downloads.
So in the root folder of the site I have an htaccess file containing
Options +Indexes
IndexOptions +FancyIndexing
Inside the site I have a couple folders with files for downloading, etc...
How can I disable the ability to get into the parent folder once inside one of these folders?
For instance...
http://o7thwd.com/dl/Mine
I'd like to prevent the Parent Directory from showing and being able to do anything...
Remove the .htaccess file from the site's root folder.
Put the following (same as in your question) in .htaccess file in every sub-folder that needs to be public:
Options +Indexes
IndexOptions +FancyIndexing
My directory structure is as follows:
-application
-system
-assets
--images
--downloads
--css
index.php
I created assets as suggested on stackoverflow,I wanted to restrict access to downloads so placed .htaccess file in assets folder with the following directive
Deny from all
now its protected but as assets has css files and those are also not accessible too.
Try to put the htaccess file to downloads file
I have installed the plugin 'Advanced Search Plugin Like Facebook Search' of younet and I noticed the error that application/modules/Core/externals/scripts/ynadvsearch.php is not found.
Then I checked the location and the file was there. So I uploaded a test.php file and typed the url in address bar then also I could not access the test.php page. But I am able to access all the js pages on that folder.
I have deleted the htaccess file of external folder. But the issue remains the same.
How can we fix this?
It's a little weird, usually /externals/scripts folder is used only for javascript-files (and all php-files - inside of /controllers folder).
File .htaccess inside of /externals folder contains a rule
<FilesMatch "\.avi|flv|mov|wmv|wma|mp3|mp4|m4a|mkv|swf|pdf|doc|ppt|ico|jpg|jpeg|png|gif|js|css)$">`
It means that *.php files are not allowed for access inside of this folder.
For testing I hosted my website on free server from 000webhost.com
They have a directory structure:-
(root folder) \
(public folder) \public_html
this directory structure enables to keep all the library files in root folder and all public data in \public_html, so I developed my website accordingly, and my final structure looked like:-
/
/include(this folder contains library files)
/logs(log files)
/public_html
/public_html/index.php
/public_html/home.php
/public_html/and other public files
on 000webhost makes only public_folder available to be accessed via url and my url looked neat and clean like
www.xample.com/index.php
or
www.example.com/home.php
but after completion of development I moved website to shared host purchased from go-daddy.com, now they do not have any such kind of directory permission, all the files are kept in root folder and are accessible via url also url has become like:-
www.example.com/public_html/home.php
or
www.example.com/public_html/index.php
How should I redirect url request to public_html folder again so as to make library file unavailable to public access and make url neat and clean.
Does Godaddy allow you access to Apache?
If so you might be able to modify document root in such a way that the public folder is on the same level as the library and log folders.
Otherwise you will be left in the same situation as many other who use shared hosting and have to protect your folders with .htaccess files.
I have a wordpress site running, and currently anyone can view the uploads directory by visiting
http://site.com/wp-content/uploads
I want to stop this directory from being viewed in a browser but I want a subfolder to be viewable (eg. http://site.com/wp-content/uploads/PublicUploads). I have tried setting
IndexIgnore *
in the uploads folder, but I cannot work out how to set the sub folder back to visible.
Any help would be appreciated
Most people use
Options -indexes
To make a subdirectory visible again, you'll need to put a .htaccess file inside that subdir, with Options +indexes inside it.
Using mod_rewrite you can block direct access to wp-content/uploads directory like this:
RewriteRule ^wp-content/uploads/?$ - [F,NC]
Keep in mind that this will only block browsing of /wp-content/uploads contents but will allow /wp-content/uploads/PublicUploads or any /wp-content/uploads/foo.