.htaccess: Deny from all - .htaccess

This is working:
<Files *.fileext>
Order Allow,Deny
Deny from all
</Files>
This is not:
<Files *.fileext|somedirectory>
Order Allow,Deny
Deny from all
</Files>
Please help.

Files does not allow the use of regular expressions, but FilesMatch does, therefore it searches for a file with (something).fileext|somedirectory in the path, and this is not what you want to do. Your code will have to look like this:
<FilesMatch (\.fileext$|^somedirectory$)>
Order Allow,Deny
Deny from all
</FilesMatch>
see http://httpd.apache.org/docs/1.3/mod/core.html#files and http://httpd.apache.org/docs/1.3/mod/core.html#filesmatch

This can be slightly improved.
There is no need for an order directive and the end of string syntax can be used just once.
<FilesMatch (\.fileext|^somedirectory)$>
Deny from all
</FilesMatch>

Related

htaccess error: Require not allowed in <Files> context

I'm trying to upgrade to the latest version of phpbb3.2 by following this guide, but I'm getting a 500 Internal Server Error and the following error in my apache 2.4 error log when I try to access the /install directory:
C:/website/forum/.htaccess: Require not allowed in <Files> context
I tried googling for the "Require not allowed in Files context" error, but there are literally no results. Must be a rare or a newly introduced error.
The htaccess in question contains the following:
<IfModule mod_version.c>
<IfVersion < 2.4>
<Files "config.php">
Order Allow,Deny
Deny from All
</Files>
<Files "common.php">
Order Allow,Deny
Deny from All
</Files>
</IfVersion>
<IfVersion >= 2.4>
<Files "config.php">
Require all denied
</Files>
<Files "common.php">
Require all denied
</Files>
</IfVersion>
</IfModule>
<IfModule !mod_version.c>
<IfModule !mod_authz_core.c>
<Files "config.php">
Order Allow,Deny
Deny from All
</Files>
<Files "common.php">
Order Allow,Deny
Deny from All
</Files>
</IfModule>
<IfModule mod_authz_core.c>
<Files "config.php">
Require all denied
</Files>
<Files "common.php">
Require all denied
</Files>
</IfModule>
</IfModule>
Any idea how to solve this?
EDIT: I used the command mentioned in the guide as an alternative to the install directory steps and completed the guide, but even accessing the root forum url still gives the same error, so this issue is not related to the "install/" instructions.
AllowOverride httpd.conf directive requires an AuthConfig option to be enabled to use the Required directive in htaccess files.
https://www.phpbb.com/community/viewtopic.php?f=556&t=2492006&p=15130746#p15130746
In case of linux/ubuntu/etc, you might add AllowOverride AuthConfig in /sites-enabled/your-site.conf:
<IfModule mod_ssl.c>
<VirtualHost *:443>
...
<Directory /var/www/your_path/>
...
AllowOverride AuthConfig
...
</Directory>
</VirtualHost>
</IfModule>

How To Allow Access to Certain File Types but Deny All Others

While I'm confident this has been asked and answered somewhere, my Google and SO searches have not helped me solve what seems like a fairly easy problem.
The goal:
Deny access to ALL file types except images.
Current .htaccess file:
<Files *.*>
Order Deny,Allow
Deny from all
</Files>
<FilesMatch "\.(jpg|png|gif|jpeg|JPG|PNG|GIF|JPEG)$">
Order Deny,Allow
Allow from all
</FilesMatch>
I still cannot (via the browser) access any image files, with a "403 Forbidden" error.
Questions:
1. How do I make this work properly without rewrite rules?
2. Can I combine Files and FilesMatch rules like this?
3. Are the FilesMatch rules case sensitive?
You can easily achieve this via mod_rewrite rules:
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} -f
RewriteRule !\.(jpe?g|png|gif)$ - [NC,F]
Using FilesMatch you could do this:
Order deny,allow
# first deny all files
<Files *>
deny from all
</Files>
# then allow all image files
<FilesMatch "(?i)\.(jpe?g|png|gif)$">
allow from all
</FilesMatch>

FilesMatch or Files in htaccess to deny two specific files

I mostly understand using Files for one file and FileMatch for broad regex matching, but if I wanted to deny access to two or three specific unique files how would I best do that?
Ideas:
<Files .htpasswd>
Order allow,deny
Deny from all
Satisfy All
</Files>
<Files htpasswd-example>
Order allow,deny
Deny from all
Satisfy All
</Files>
<Files htaccess-example>
Order allow,deny
Deny from all
Satisfy All
</Files>
or something like:
<FilesMatch "^(.htpasswd|htpasswd-example|htaccess-example)$">
Order allow,deny
Deny from all
Satisfy All
</FilesMatch>
note: unrelated but I can't make these example files . files for other reasons, hence my desire to hide them.
Try:
RewriteEngine On
RewriteCond %{HTTP_HOST} !^localhost$ [NC]
RewriteRule ^ - [L,F]
So, if the host is other than "localhost" deny it.
Check out this answer too:
.htaccess deny access from external request

Can I specify a wildcard or regex as a Directory in htaccess?

We have many, many sites, all of which contain a "customer/uploadsfolder". We have to allow uploading, but want to block any GIF files, as well as turn off PHP in the folder as shown below. The question is, do we need one entry for every folder, or can wildcards/regex be used?
<VirtualHost *:80>
<Directory /customer/uploadsfolder>
deny from all
<Files ~ "^\w+\.(gif)$">
order deny,allow
allow from all
</Files>
<IfModule mod_php5.c>
php_flag engine off
</IfModule>
</Directory>
</VirtualHost>
Yes, use LocationMatch (or "Location ~").
<LocationMatch "\/customer\/uploadsfolder\/.*\.(php|gif)">
order allow,deny
deny from all
</LocationMatch>

Allow directory listing only for a IP

I've activated directory listing with this line in the .htaccess:
Options +Indexes
How can I limit this to only one IP address with having access to all files/directories for everyone (every IP)?
Not tested:
allow from all
Options -Indexes
<Files *>
deny from all
allow from 195.112.15.4
Options +Indexes
</Files>
This way the Options +Indexes will be valid only for IP 195.112.15.4
I know this is an old thread but as I have just found something that seems to work, I've decided to share it here.
Adding this seems to do the trick:
<Files .>
Order Deny,Allow
Deny From All
Allow From 195.112.15.4
</Files>
This is what I got working for me, this is the .htaccess inside the folder I don't want everyone to be able to list, but if I give them a link to a file inside it, I want anyone (all) to be able to download the link.
allow from all
Options -Indexes
<Files *>
deny from all
allow from all
Options -Indexes
</Files>
<Files .>
Order Deny,Allow
Deny From All
Allow From xx.xx.xx.xx
# put the IP you want to allow indexing for above here
Options +Indexes
</Files>
tested
supposing "index.html" is the one configured as your DirectoryIndex, and XX.XX.XX.XX is your IP address, simple put these lines:
<FilesMatch "index.html">
Order deny,allow
Deny from all
allow from XX.XX.XX.XX
</FilesMatch>

Resources