Chiehkai
asked on
How To Prevent File Access Without Using .Htaccess
Hi,
We have a folder on our site that we don't want to be access publicly accessed, one way to do this is placing a .htaccess file inside that folder and create some rules. But the problem is we can't place a .htaccess file in that folder, do you guys know a way to do this? We can place files in its parent folder though.
Any suggestions appreciated.
We have a folder on our site that we don't want to be access publicly accessed, one way to do this is placing a .htaccess file inside that folder and create some rules. But the problem is we can't place a .htaccess file in that folder, do you guys know a way to do this? We can place files in its parent folder though.
Any suggestions appreciated.
ASKER
Thanks for the information. I checked the link you provided, but looks like its for robots only? Can I block all access with mod_rewrite?
Thanks!
Thanks!
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hi,
I placed the following text in my .htaccess file, then placed the .htaccess fine in it's parent folder, but it didn't work :(
RewriteEngine on
RewriteRule ^/path_to_folder/ - [F]
Anything I did wrong there? I have confirmed that mod_rewrite is supported.
Thanks.
I placed the following text in my .htaccess file, then placed the .htaccess fine in it's parent folder, but it didn't work :(
RewriteEngine on
RewriteRule ^/path_to_folder/ - [F]
Anything I did wrong there? I have confirmed that mod_rewrite is supported.
Thanks.
> can I block all access with mod_rewrite?
do you really want to block ALL access?
<directory /www/directory-to-block/ >
Order Allow,Deny
Deny from all
</directory>
the blocked directory is still available to internal processes and CGI programs.
In the directory scope, you can also deny access to a specific file or set of files
<files secretfile.jpg>
order allow,deny
deny from all
</files>
<FilesMatch "\.(htaccess|htpasswd|ini| phps|fla|p sd|log|sh) $">
Order Allow,Deny
Deny from all
</FilesMatch>
ShalomC
do you really want to block ALL access?
<directory /www/directory-to-block/ >
Order Allow,Deny
Deny from all
</directory>
the blocked directory is still available to internal processes and CGI programs.
In the directory scope, you can also deny access to a specific file or set of files
<files secretfile.jpg>
order allow,deny
deny from all
</files>
<FilesMatch "\.(htaccess|htpasswd|ini|
Order Allow,Deny
Deny from all
</FilesMatch>
ShalomC
ASKER
Hi,
Yes I just want to block access to the public, only allowing internal scripts using it. I added the code you provided to my .htaccess file, but it returned a 500 error, is there anything wrong?
Yes I just want to block access to the public, only allowing internal scripts using it. I added the code you provided to my .htaccess file, but it returned a 500 error, is there anything wrong?
<directory /www/directory-to-block/ >
Order Allow,Deny
Deny from all
</directory>
> Anything I did wrong there?
No leading slash in your rule-pattern for mod_rewrite as above (difference to mod_alias and mod_rewrite used in per-server context)
No leading slash in your rule-pattern for mod_rewrite as above (difference to mod_alias and mod_rewrite used in per-server context)
RewriteEngine on
RewriteRule ^path_to_folder/ - [F]
ASKER
Hi,
I just removed the leading slash and tried again, but I could still access the files inside that folder.
I just removed the leading slash and tried again, but I could still access the files inside that folder.
RewriteEngine on
RewriteRule ^home/username/public_html/folder/folder_that_needs_to_be_blocked/ - [F]
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
It worked, thanks :)
maybe the folder is user controlled and you do not want the authorization to be modified by users?
another option is to secure the folder in the configuration file.
place your security directives inside a <directory> section in httpd.conf
you can also use mod_rewrite to block access depending on the particular scenario.
for example, read here how to block access based on the client string
http://httpd.apache.org/docs/2.2/rewrite/rewrite_guide.html#blocking-of-robots
ShalomC