?
Solved

How To Prevent File Access Without Using .Htaccess

Posted on 2009-03-30
10
Medium Priority
?
468 Views
Last Modified: 2013-12-16
Hi,

We have a folder on our site that we don't want to be access publicly accessed, one way to do this is placing a .htaccess file inside that folder and create some rules. But the problem is we can't place a .htaccess file in that folder, do you guys know a way to do this? We can place files in its parent folder though.

Any suggestions appreciated.
0
Comment
Question by:Chiehkai
  • 5
  • 3
  • 2
10 Comments
 
LVL 33

Expert Comment

by:shalomc
ID: 24017184
why can't you place .htaccess in the folder?
maybe the folder is user controlled and you do not want the authorization to be modified by users?

another option is to secure the folder in the configuration file.
place your security directives inside a <directory> section in httpd.conf

you can also use mod_rewrite to block access depending on the particular scenario.

for example, read here how to block access based on the client string
http://httpd.apache.org/docs/2.2/rewrite/rewrite_guide.html#blocking-of-robots

ShalomC
0
 

Author Comment

by:Chiehkai
ID: 24021219
Thanks for the information. I checked the link you provided, but looks like its for robots only? Can I block all access with mod_rewrite?

Thanks!
0
 
LVL 27

Accepted Solution

by:
caterham_www earned 2000 total points
ID: 24021343
Yes, you can [1]. If you're on apache 2.2 I'd use mod_alias instead for performance reasons [2].
/.htaccess to protect /folder/foo
[1]
RewriteEngine on
RewriteRule ^folder/ - [F]
 
 
[2]
Redirect 403 /folder/

Open in new window

0
Restore individual SQL databases with ease

Veeam Explorer for Microsoft SQL Server delivers an easy-to-use, wizard-driven interface for restoring your databases from a backup. No expert SQL background required. Web interface provides a complete view of all available SQL databases to simplify the recovery of lost database

 

Author Comment

by:Chiehkai
ID: 24021443
Hi,

I placed the following text in my .htaccess file, then placed the .htaccess fine in it's parent folder, but it didn't work :(

RewriteEngine on
RewriteRule ^/path_to_folder/ - [F]

Anything I did wrong there? I have confirmed that mod_rewrite is supported.

Thanks.
0
 
LVL 33

Expert Comment

by:shalomc
ID: 24021519
> can I block all access with mod_rewrite?

do you really want to block ALL access?

<directory /www/directory-to-block/ >
  Order Allow,Deny
  Deny from all
</directory>

the blocked directory is still available to internal processes and CGI programs.


In the directory scope, you can also deny access to a specific file or set of files

<files secretfile.jpg>
  order allow,deny
  deny from all
</files>

<FilesMatch "\.(htaccess|htpasswd|ini|phps|fla|psd|log|sh)$">
  Order Allow,Deny
  Deny from all
</FilesMatch>


ShalomC
0
 

Author Comment

by:Chiehkai
ID: 24021562
Hi,

Yes I just want to block access to the public, only allowing internal scripts using it. I added the code you provided to my .htaccess file, but it returned a 500 error, is there anything wrong?
<directory /www/directory-to-block/ >
  Order Allow,Deny
  Deny from all
</directory>

Open in new window

0
 
LVL 27

Expert Comment

by:caterham_www
ID: 24021568
> Anything I did wrong there?  

No leading slash in your rule-pattern for mod_rewrite as above (difference to mod_alias and mod_rewrite used in per-server context)
RewriteEngine on
RewriteRule ^path_to_folder/ - [F]

Open in new window

0
 

Author Comment

by:Chiehkai
ID: 24021597
Hi,

I just removed the leading slash and tried again, but I could still access the files inside that folder.
RewriteEngine on
RewriteRule ^home/username/public_html/folder/folder_that_needs_to_be_blocked/ - [F]

Open in new window

0
 
LVL 27

Assisted Solution

by:caterham_www
caterham_www earned 2000 total points
ID: 24021865
If you put the rule into a /home/username/public_html/folder/.htaccess

it should just be (below), not the full physical path. That portion /home/username/public_html/folder/ is striped.

<directory ...> sections are not valid in .htaccess files.
RewriteEngine on
RewriteRule ^folder_that_needs_to_be_blocked/ - [F]

Open in new window

0
 

Author Closing Comment

by:Chiehkai
ID: 31564217
It worked, thanks :)
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When it comes to showing a 404 error page to your visitors, you do not want that generic page to show, and you especially do not want your hosting provider’s ad error page to show either. In this article, I will show you how to enable the custom 40…
In the first part of this tutorial we will cover the prerequisites for installing SQL Server vNext on Linux.
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
Suggested Courses
Course of the Month17 days, 11 hours left to enroll

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question