Deny access to subdirectories using htaccess - .htaccess

Consider these files structures on web root directory :
files/1/1.jpg
files/1/2.jpg
files/2/1.jpg
files/2/3.jpg
files/3/6.jpg
files/3/8.jpg
files/4/1.jpg
I want to deny access to files inside folder 2 and 3 using htaccess file that exists in web root directory. I try but nothing happend. Here's the code I used:
<FilesMatch "(2|3)\/*$" >
Order deny,allow
Deny from all
</FilesMatch>
Would you correct my mistake?
Thank you.

If your htaccess file is in your web root, and the files directory is also in the web root, you won't be able to match against files in another (sub)directory. You can either try putting the <FilesMatch> in an htaccess file in the files directory, or you can use mod_rewrite in the htaccess file in your web root:
RewriteEngine On
RewriteRule ^files/(2|3)/ - [F,L]

For optimal performance using htaccess, you should create a .htaccess file in each of the directories you want to protect:
Order deny,allow
Deny from all

Related

Htaccess - restrict access to file but only in present directory

I have index.php file that i want to allow access only for specific ip with htaccess.
However i want to allow access for files named index.php in subdiectories for everyone.
How should I write rule that would affect only index.php in present directory? This is what i tried but with no success, it blocks index.php in subdirectories too:
<Files "./index.php">
Order deny,allow
Deny from all
Allow from 192.168.24.2
</Files>
You can write a .htaccess inside the subdirectories which contained the Allow from all, thus allowing access to those specific directories, and subdirectories from them onwards.

htaccess to block specific file in a folder

i am sorry if this question has been ask before.
I have a folder that look like: project/version/download.zip
but the thing is i have multiple project folder and with multiple version folder
where I have a few files that i do not want anyone to access to in version folder but i want to allow user to access to download.zip
my question is how do i block access to other files but allow user to download the zip?
as for the file is just a File type.
or should i just transfer the zip file to some other folders and put deny from all in the project folder?
Please advice ^^ thank you
if your folder where your zip file resides, try adding .htaccess file with following in it:
Order Allow,Deny
Deny from all
<FilesMatch "\.zip$">
Order Deny,Allow
Allow from all
</FilesMatch>
Assuming you don't have .htaccess files in your version folders yet. If you have mod_rewrite enabled you should be able to do something like this:
First add a .htaccess file to the version folder. Add the following to that file
RewriteCond %{REQUEST_URI} !(download\.zip|grumpycat\.png)$
RewriteRule ^ [F,L]
Since the .htaccess file is in the version folder, all filenames are automatically prefixed with version/. It will block access to all files in that folder, and subfolders without .htaccess, except for download.zip and grumpycat.png. You can simpy copy and paste this file in any subfolder you want to restrict access to.
Alternativelly, if you alter the code slightly, you can instead make a .htaccess in your document root. You would do something like this:
RewriteCond %{REQUEST_URI} ^/(version|version1337|version9001)
RewriteCond %{REQUEST_URI} !(download\.zip|grumpycat\.png)$
RewriteRule ^ [F,L]
Now the requested url must begin with version, version1337 or version9001 and must not end with one of those filenames to trigger the forbidden error. Otherwise the file will be shown.

Is it possible to see .htaccess file of any website?

Ex. I open http://www.delfi.lt via browser, can I somehow access/open/download .htaccess file of this site?
I read that .htaccess is visable to any browser if it's not hidden by apache. Does apache block access to .htaccess file by default?
Access to .htaccess is disabled by Apache config similar to this in httpd.conf:
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
#
<FilesMatch "^\.ht">
Order allow,deny
Deny from all
Satisfy All
</FilesMatch>

.htaccess, deny to download files within a directory

I am trying to deny everyone to download anything inside the "attachment" directory.
My website structure is:
public_html
-img
-css
-root
--attachment
---(numeric id)
----(files)
-js
What I am trying to do is, to deny access to root/attachment//
I tried many things, but I don't know why, I cannot get it working, my last tried was:
.htaccess - on main directory.
<FilesMatch "root/attachment/.*/.*">
Order Allow,Deny
Deny from all
</FilesMatch>
Any ideas?
Thank you very much :)
FilesMatch doesn't work with directories.
Create a new .htaccess inside root/attachment/ as
<FilesMatch ".*">
Order Allow,Deny
Deny from All
</FilesMatch>
Redirect rules specified in a parent directory .htaccess apply to its sub-directories as well. In case, these access rules do not work the same way, just move the .htaccess directly into files directory.
Create a new htaccess file /root/attackment/.htaccess and add the following lines
Order Allow,Deny
Deny from all

Configuring .htaccess for subdirectories

Hello I don't know much about the .htaccess configuration, but I want to restrict access to php files on my web server and I want to have only index.php with parameters accessible.
My files are in subfolder like: www.mydomain.com/sub/index.php. I want to have access to open that index.php in subfolder, css files and js files.
Here is my configuration I have so far:
Order Deny,Allow
Deny from all
Allow from 127.0.0.1
<Files /index.php>
Order Allow,Deny
Allow from all
</Files>
<FilesMatch "*\.(css|js)$">
Order Allow,Deny
Allow from all
</FilesMatch>
I have tried to do something like <Files sub/index.php> but everytime it restricts all php files in subfolders and www.mydomain.com/index.php works fine.
Can anyone help me with it?
You can move all files except ones needed to be accessible by http (index.php, css, images etc.) out from DocumentRoot directory to upper level, so directory layout looks like this:
/lib
/files
/html
/index.php
/css/
/images/
where /html is your DocumentRoot.
In this case you won't need any additional restrictive rules in .htaccess or VirtualHost configuration/
htaccess may not be the best option to preventing direct access to some of your Php files. Instead, create an access value and set it to some value in the page you wish directed access to and don't set it in other pages otherwise.
$access = 'some value';
if(empty($access)) { header("location:index.php"); die();}
This way other php files will only be accessible via include or require. Hope that helps.

Resources