Solved

How To Prevent File Access Without Using .Htaccess

Posted on 2009-03-30
10
450 Views
Last Modified: 2013-12-16
Hi,

We have a folder on our site that we don't want to be access publicly accessed, one way to do this is placing a .htaccess file inside that folder and create some rules. But the problem is we can't place a .htaccess file in that folder, do you guys know a way to do this? We can place files in its parent folder though.

Any suggestions appreciated.
0
Comment
Question by:Chiehkai
  • 5
  • 3
  • 2
10 Comments
 
LVL 33

Expert Comment

by:shalomc
ID: 24017184
why can't you place .htaccess in the folder?
maybe the folder is user controlled and you do not want the authorization to be modified by users?

another option is to secure the folder in the configuration file.
place your security directives inside a <directory> section in httpd.conf

you can also use mod_rewrite to block access depending on the particular scenario.

for example, read here how to block access based on the client string
http://httpd.apache.org/docs/2.2/rewrite/rewrite_guide.html#blocking-of-robots

ShalomC
0
 

Author Comment

by:Chiehkai
ID: 24021219
Thanks for the information. I checked the link you provided, but looks like its for robots only? Can I block all access with mod_rewrite?

Thanks!
0
 
LVL 27

Accepted Solution

by:
caterham_www earned 500 total points
ID: 24021343
Yes, you can [1]. If you're on apache 2.2 I'd use mod_alias instead for performance reasons [2].
/.htaccess to protect /folder/foo

[1]

RewriteEngine on

RewriteRule ^folder/ - [F]
 
 

[2]

Redirect 403 /folder/

Open in new window

0
 

Author Comment

by:Chiehkai
ID: 24021443
Hi,

I placed the following text in my .htaccess file, then placed the .htaccess fine in it's parent folder, but it didn't work :(

RewriteEngine on
RewriteRule ^/path_to_folder/ - [F]

Anything I did wrong there? I have confirmed that mod_rewrite is supported.

Thanks.
0
 
LVL 33

Expert Comment

by:shalomc
ID: 24021519
> can I block all access with mod_rewrite?

do you really want to block ALL access?

<directory /www/directory-to-block/ >
  Order Allow,Deny
  Deny from all
</directory>

the blocked directory is still available to internal processes and CGI programs.


In the directory scope, you can also deny access to a specific file or set of files

<files secretfile.jpg>
  order allow,deny
  deny from all
</files>

<FilesMatch "\.(htaccess|htpasswd|ini|phps|fla|psd|log|sh)$">
  Order Allow,Deny
  Deny from all
</FilesMatch>


ShalomC
0
VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

 

Author Comment

by:Chiehkai
ID: 24021562
Hi,

Yes I just want to block access to the public, only allowing internal scripts using it. I added the code you provided to my .htaccess file, but it returned a 500 error, is there anything wrong?
<directory /www/directory-to-block/ >

  Order Allow,Deny

  Deny from all

</directory>

Open in new window

0
 
LVL 27

Expert Comment

by:caterham_www
ID: 24021568
> Anything I did wrong there?  

No leading slash in your rule-pattern for mod_rewrite as above (difference to mod_alias and mod_rewrite used in per-server context)
RewriteEngine on

RewriteRule ^path_to_folder/ - [F]

Open in new window

0
 

Author Comment

by:Chiehkai
ID: 24021597
Hi,

I just removed the leading slash and tried again, but I could still access the files inside that folder.
RewriteEngine on

RewriteRule ^home/username/public_html/folder/folder_that_needs_to_be_blocked/ - [F]

Open in new window

0
 
LVL 27

Assisted Solution

by:caterham_www
caterham_www earned 500 total points
ID: 24021865
If you put the rule into a /home/username/public_html/folder/.htaccess

it should just be (below), not the full physical path. That portion /home/username/public_html/folder/ is striped.

<directory ...> sections are not valid in .htaccess files.
RewriteEngine on

RewriteRule ^folder_that_needs_to_be_blocked/ - [F]

Open in new window

0
 

Author Closing Comment

by:Chiehkai
ID: 31564217
It worked, thanks :)
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Meet the world's only “Transparent Cloud™” from Superb Internet Corporation. Now, you can experience firsthand a cloud platform that consistently outperforms Amazon Web Services (AWS), IBM’s Softlayer, and Microsoft’s Azure when it comes to CPU and …
Introduction This article is intended for those who are new to PHP error handling (https://www.experts-exchange.com/articles/11769/And-by-the-way-I-am-New-to-PHP.html).  It addresses one of the most common problems that plague beginning PHP develop…
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now