Solved

How To Prevent File Access Without Using .Htaccess

Posted on 2009-03-30
10
448 Views
Last Modified: 2013-12-16
Hi,

We have a folder on our site that we don't want to be access publicly accessed, one way to do this is placing a .htaccess file inside that folder and create some rules. But the problem is we can't place a .htaccess file in that folder, do you guys know a way to do this? We can place files in its parent folder though.

Any suggestions appreciated.
0
Comment
Question by:Chiehkai
  • 5
  • 3
  • 2
10 Comments
 
LVL 32

Expert Comment

by:shalomc
ID: 24017184
why can't you place .htaccess in the folder?
maybe the folder is user controlled and you do not want the authorization to be modified by users?

another option is to secure the folder in the configuration file.
place your security directives inside a <directory> section in httpd.conf

you can also use mod_rewrite to block access depending on the particular scenario.

for example, read here how to block access based on the client string
http://httpd.apache.org/docs/2.2/rewrite/rewrite_guide.html#blocking-of-robots

ShalomC
0
 

Author Comment

by:Chiehkai
ID: 24021219
Thanks for the information. I checked the link you provided, but looks like its for robots only? Can I block all access with mod_rewrite?

Thanks!
0
 
LVL 27

Accepted Solution

by:
caterham_www earned 500 total points
ID: 24021343
Yes, you can [1]. If you're on apache 2.2 I'd use mod_alias instead for performance reasons [2].
/.htaccess to protect /folder/foo

[1]

RewriteEngine on

RewriteRule ^folder/ - [F]
 
 

[2]

Redirect 403 /folder/

Open in new window

0
 

Author Comment

by:Chiehkai
ID: 24021443
Hi,

I placed the following text in my .htaccess file, then placed the .htaccess fine in it's parent folder, but it didn't work :(

RewriteEngine on
RewriteRule ^/path_to_folder/ - [F]

Anything I did wrong there? I have confirmed that mod_rewrite is supported.

Thanks.
0
 
LVL 32

Expert Comment

by:shalomc
ID: 24021519
> can I block all access with mod_rewrite?

do you really want to block ALL access?

<directory /www/directory-to-block/ >
  Order Allow,Deny
  Deny from all
</directory>

the blocked directory is still available to internal processes and CGI programs.


In the directory scope, you can also deny access to a specific file or set of files

<files secretfile.jpg>
  order allow,deny
  deny from all
</files>

<FilesMatch "\.(htaccess|htpasswd|ini|phps|fla|psd|log|sh)$">
  Order Allow,Deny
  Deny from all
</FilesMatch>


ShalomC
0
Superior storage. Superior surveillance.

WD Purple drives are built for 24/7, always-on, high-definition security systems. With support for up to 8 hard drives and 32 cameras, WD Purple drives are optimized for surveillance.

 

Author Comment

by:Chiehkai
ID: 24021562
Hi,

Yes I just want to block access to the public, only allowing internal scripts using it. I added the code you provided to my .htaccess file, but it returned a 500 error, is there anything wrong?
<directory /www/directory-to-block/ >

  Order Allow,Deny

  Deny from all

</directory>

Open in new window

0
 
LVL 27

Expert Comment

by:caterham_www
ID: 24021568
> Anything I did wrong there?  

No leading slash in your rule-pattern for mod_rewrite as above (difference to mod_alias and mod_rewrite used in per-server context)
RewriteEngine on

RewriteRule ^path_to_folder/ - [F]

Open in new window

0
 

Author Comment

by:Chiehkai
ID: 24021597
Hi,

I just removed the leading slash and tried again, but I could still access the files inside that folder.
RewriteEngine on

RewriteRule ^home/username/public_html/folder/folder_that_needs_to_be_blocked/ - [F]

Open in new window

0
 
LVL 27

Assisted Solution

by:caterham_www
caterham_www earned 500 total points
ID: 24021865
If you put the rule into a /home/username/public_html/folder/.htaccess

it should just be (below), not the full physical path. That portion /home/username/public_html/folder/ is striped.

<directory ...> sections are not valid in .htaccess files.
RewriteEngine on

RewriteRule ^folder_that_needs_to_be_blocked/ - [F]

Open in new window

0
 

Author Closing Comment

by:Chiehkai
ID: 31564217
It worked, thanks :)
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Setting up Secure Ubuntu server on VMware 1.      Insert the Ubuntu Server distribution CD or attach the ISO of the CD which is in the “Datastore”. Note that it is important to install the x64 edition on servers, not the X86 editions. 2.      Power on th…
It’s 2016. Password authentication should be dead — or at least close to dying. But, unfortunately, it has not traversed Quagga stage yet. Using password authentication is like laundering hotel guest linens with a washboard — it’s Passé.
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now