How To Prevent File Access Without Using .Htaccess

Hi,

We have a folder on our site that we don't want to be access publicly accessed, one way to do this is placing a .htaccess file inside that folder and create some rules. But the problem is we can't place a .htaccess file in that folder, do you guys know a way to do this? We can place files in its parent folder though.

Any suggestions appreciated.
ChiehkaiAsked:
Who is Participating?
 
caterham_wwwConnect With a Mentor Commented:
Yes, you can [1]. If you're on apache 2.2 I'd use mod_alias instead for performance reasons [2].
/.htaccess to protect /folder/foo
[1]
RewriteEngine on
RewriteRule ^folder/ - [F]
 
 
[2]
Redirect 403 /folder/

Open in new window

0
 
shalomcCTOCommented:
why can't you place .htaccess in the folder?
maybe the folder is user controlled and you do not want the authorization to be modified by users?

another option is to secure the folder in the configuration file.
place your security directives inside a <directory> section in httpd.conf

you can also use mod_rewrite to block access depending on the particular scenario.

for example, read here how to block access based on the client string
http://httpd.apache.org/docs/2.2/rewrite/rewrite_guide.html#blocking-of-robots

ShalomC
0
 
ChiehkaiAuthor Commented:
Thanks for the information. I checked the link you provided, but looks like its for robots only? Can I block all access with mod_rewrite?

Thanks!
0
Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
ChiehkaiAuthor Commented:
Hi,

I placed the following text in my .htaccess file, then placed the .htaccess fine in it's parent folder, but it didn't work :(

RewriteEngine on
RewriteRule ^/path_to_folder/ - [F]

Anything I did wrong there? I have confirmed that mod_rewrite is supported.

Thanks.
0
 
shalomcCTOCommented:
> can I block all access with mod_rewrite?

do you really want to block ALL access?

<directory /www/directory-to-block/ >
  Order Allow,Deny
  Deny from all
</directory>

the blocked directory is still available to internal processes and CGI programs.


In the directory scope, you can also deny access to a specific file or set of files

<files secretfile.jpg>
  order allow,deny
  deny from all
</files>

<FilesMatch "\.(htaccess|htpasswd|ini|phps|fla|psd|log|sh)$">
  Order Allow,Deny
  Deny from all
</FilesMatch>


ShalomC
0
 
ChiehkaiAuthor Commented:
Hi,

Yes I just want to block access to the public, only allowing internal scripts using it. I added the code you provided to my .htaccess file, but it returned a 500 error, is there anything wrong?
<directory /www/directory-to-block/ >
  Order Allow,Deny
  Deny from all
</directory>

Open in new window

0
 
caterham_wwwCommented:
> Anything I did wrong there?  

No leading slash in your rule-pattern for mod_rewrite as above (difference to mod_alias and mod_rewrite used in per-server context)
RewriteEngine on
RewriteRule ^path_to_folder/ - [F]

Open in new window

0
 
ChiehkaiAuthor Commented:
Hi,

I just removed the leading slash and tried again, but I could still access the files inside that folder.
RewriteEngine on
RewriteRule ^home/username/public_html/folder/folder_that_needs_to_be_blocked/ - [F]

Open in new window

0
 
caterham_wwwConnect With a Mentor Commented:
If you put the rule into a /home/username/public_html/folder/.htaccess

it should just be (below), not the full physical path. That portion /home/username/public_html/folder/ is striped.

<directory ...> sections are not valid in .htaccess files.
RewriteEngine on
RewriteRule ^folder_that_needs_to_be_blocked/ - [F]

Open in new window

0
 
ChiehkaiAuthor Commented:
It worked, thanks :)
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.