?
Solved

Apache Deny Access to Folder/Contents

Posted on 2009-04-01
5
Medium Priority
?
2,388 Views
Last Modified: 2012-05-06
I have a directory on my server which contains PHP and image files.

I would like to be able to deny access to everything but the image files, the user should see a 403 if they try to access anything other then an image.

They should also not be able to see the index of page.

I have attached my sample code below it correctly denies access to documents but doesn't allow me to access the images.

The rule needs to apply to all documents folder, they could be located directly under the root or in subdirectories.

Expected output should be something like:

documents/folder/ Deny
documents/folder/image.jpg Allow
sub/documents/folder/image.jpg Allow

documents/folder/ Deny
documents/folder/bad.bad Deny
sub/directory/folder/bad.bad Deny
<Directory ~ "documents">
Order allow,deny
Deny from all
</Directory>
 
<FilesMatch "documents(.*?)\.(gif|jpe?g|png)$">
Allow from all
</FilesMatch>

Open in new window

0
Comment
Question by:nick_2007
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
5 Comments
 
LVL 11

Assisted Solution

by:kyodai
kyodai earned 500 total points
ID: 24037347
You can not deny access for a folder but then have access to a file in the folder. Instead of setting "deny" for the folder just remove the browse right from the folder.
0
 

Author Comment

by:nick_2007
ID: 24037374
Could you show the conf settings I would need for this?
0
 
LVL 27

Expert Comment

by:caterham_www
ID: 24037534
You're on apache 2.x?


# httpd.conf
# match documents/ except .jpg or .png etc. at the end
<Directory ~ "documents/.*+(?<!\.jpg|\.png|\.gif)$">
Order allow,deny
Deny from all
</Directory>

Open in new window

0
 

Accepted Solution

by:
nick_2007 earned 0 total points
ID: 24037562
Turns out FileMatch only checks the filename not the directory path as well.

Using LocationMatch instead fixes the issue and mean I can deny access to non images in the directory.
0
 

Author Comment

by:nick_2007
ID: 24037581
I tried your method caterham it doesn't prevent access to non image files.

Yes it's Apache 2.2.11
0

Featured Post

On Demand Webinar - Networking for the Cloud Era

This webinar discusses:
-Common barriers companies experience when moving to the cloud
-How SD-WAN changes the way we look at networks
-Best practices customers should employ moving forward with cloud migration
-What happens behind the scenes of SteelConnect’s one-click button

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Originally, this post was published on Monitis Blog, you can check it here . It goes without saying that technology has transformed society and the very nature of how we live, work, and communicate in ways that would’ve been incomprehensible 5 ye…
Although a lot of people devote their energy toward marketing for specific industries, there are some basic principles that can be applied to any sector imaginable. We’ll look at four steps to take and examine how those steps were put into action fo…
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
This video teaches users how to migrate an existing Wordpress website to a new domain.
Suggested Courses

719 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question