Solved

How To Prevent File Access Without Using .Htaccess

Posted on 2009-03-30
10
455 Views
Last Modified: 2013-12-16
Hi,

We have a folder on our site that we don't want to be access publicly accessed, one way to do this is placing a .htaccess file inside that folder and create some rules. But the problem is we can't place a .htaccess file in that folder, do you guys know a way to do this? We can place files in its parent folder though.

Any suggestions appreciated.
0
Comment
Question by:Chiehkai
  • 5
  • 3
  • 2
10 Comments
 
LVL 33

Expert Comment

by:shalomc
ID: 24017184
why can't you place .htaccess in the folder?
maybe the folder is user controlled and you do not want the authorization to be modified by users?

another option is to secure the folder in the configuration file.
place your security directives inside a <directory> section in httpd.conf

you can also use mod_rewrite to block access depending on the particular scenario.

for example, read here how to block access based on the client string
http://httpd.apache.org/docs/2.2/rewrite/rewrite_guide.html#blocking-of-robots

ShalomC
0
 

Author Comment

by:Chiehkai
ID: 24021219
Thanks for the information. I checked the link you provided, but looks like its for robots only? Can I block all access with mod_rewrite?

Thanks!
0
 
LVL 27

Accepted Solution

by:
caterham_www earned 500 total points
ID: 24021343
Yes, you can [1]. If you're on apache 2.2 I'd use mod_alias instead for performance reasons [2].
/.htaccess to protect /folder/foo
[1]
RewriteEngine on
RewriteRule ^folder/ - [F]
 
 
[2]
Redirect 403 /folder/

Open in new window

0
Easy, flexible multimedia distribution & control

Coming soon!  Ideal for large-scale A/V applications, ATEN's VM3200 Modular Matrix Switch is an all-in-one solution that simplifies video wall integration. Easily customize display layouts to see what you want, how you want it in 4k.

 

Author Comment

by:Chiehkai
ID: 24021443
Hi,

I placed the following text in my .htaccess file, then placed the .htaccess fine in it's parent folder, but it didn't work :(

RewriteEngine on
RewriteRule ^/path_to_folder/ - [F]

Anything I did wrong there? I have confirmed that mod_rewrite is supported.

Thanks.
0
 
LVL 33

Expert Comment

by:shalomc
ID: 24021519
> can I block all access with mod_rewrite?

do you really want to block ALL access?

<directory /www/directory-to-block/ >
  Order Allow,Deny
  Deny from all
</directory>

the blocked directory is still available to internal processes and CGI programs.


In the directory scope, you can also deny access to a specific file or set of files

<files secretfile.jpg>
  order allow,deny
  deny from all
</files>

<FilesMatch "\.(htaccess|htpasswd|ini|phps|fla|psd|log|sh)$">
  Order Allow,Deny
  Deny from all
</FilesMatch>


ShalomC
0
 

Author Comment

by:Chiehkai
ID: 24021562
Hi,

Yes I just want to block access to the public, only allowing internal scripts using it. I added the code you provided to my .htaccess file, but it returned a 500 error, is there anything wrong?
<directory /www/directory-to-block/ >
  Order Allow,Deny
  Deny from all
</directory>

Open in new window

0
 
LVL 27

Expert Comment

by:caterham_www
ID: 24021568
> Anything I did wrong there?  

No leading slash in your rule-pattern for mod_rewrite as above (difference to mod_alias and mod_rewrite used in per-server context)
RewriteEngine on
RewriteRule ^path_to_folder/ - [F]

Open in new window

0
 

Author Comment

by:Chiehkai
ID: 24021597
Hi,

I just removed the leading slash and tried again, but I could still access the files inside that folder.
RewriteEngine on
RewriteRule ^home/username/public_html/folder/folder_that_needs_to_be_blocked/ - [F]

Open in new window

0
 
LVL 27

Assisted Solution

by:caterham_www
caterham_www earned 500 total points
ID: 24021865
If you put the rule into a /home/username/public_html/folder/.htaccess

it should just be (below), not the full physical path. That portion /home/username/public_html/folder/ is striped.

<directory ...> sections are not valid in .htaccess files.
RewriteEngine on
RewriteRule ^folder_that_needs_to_be_blocked/ - [F]

Open in new window

0
 

Author Closing Comment

by:Chiehkai
ID: 31564217
It worked, thanks :)
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
How to enable sync between two yum repo? 1 39
winscp 000webhost.com 6 74
AWS EC2 HTTP & HTTPS 2 44
LogmeIn using Linux Ubuntu 16.04 6 63
It is possible to boost certain documents at query time in Solr. Query time boosting can be a powerful resource for finding the most relevant and "best" content. Of course the more information you index, the more fields you will be able to use for y…
In Solr 4.0 it is possible to atomically (or partially) update individual fields in a document. This article will show the operations possible for atomic updating as well as setting up your Solr instance to be able to perform the actions. One major …
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.

829 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question