Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2404
  • Last Modified:

Apache Deny Access to Folder/Contents

I have a directory on my server which contains PHP and image files.

I would like to be able to deny access to everything but the image files, the user should see a 403 if they try to access anything other then an image.

They should also not be able to see the index of page.

I have attached my sample code below it correctly denies access to documents but doesn't allow me to access the images.

The rule needs to apply to all documents folder, they could be located directly under the root or in subdirectories.

Expected output should be something like:

documents/folder/ Deny
documents/folder/image.jpg Allow
sub/documents/folder/image.jpg Allow

documents/folder/ Deny
documents/folder/bad.bad Deny
sub/directory/folder/bad.bad Deny
<Directory ~ "documents">
Order allow,deny
Deny from all
</Directory>
 
<FilesMatch "documents(.*?)\.(gif|jpe?g|png)$">
Allow from all
</FilesMatch>

Open in new window

0
nick_2007
Asked:
nick_2007
Advertise Here
  • 3
2 Solutions
 
kyodaiCommented:
You can not deny access for a folder but then have access to a file in the folder. Instead of setting "deny" for the folder just remove the browse right from the folder.
0
 
nick_2007Author Commented:
Could you show the conf settings I would need for this?
0
 
caterham_wwwCommented:
You're on apache 2.x?


# httpd.conf
# match documents/ except .jpg or .png etc. at the end
<Directory ~ "documents/.*+(?<!\.jpg|\.png|\.gif)$">
Order allow,deny
Deny from all
</Directory>

Open in new window

0
 
nick_2007Author Commented:
Turns out FileMatch only checks the filename not the directory path as well.

Using LocationMatch instead fixes the issue and mean I can deny access to non images in the directory.
0
 
nick_2007Author Commented:
I tried your method caterham it doesn't prevent access to non image files.

Yes it's Apache 2.2.11
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Easily Design & Build Your Next Website

Squarespace’s all-in-one platform gives you everything you need to express yourself creatively online, whether it is with a domain, website, or online store. Get started with your free trial today, and when ready, take 10% off your first purchase with offer code 'EXPERTS'.

Start Now
  • 3
Advertise Here
Tackle projects and never again get stuck behind a technical roadblock.
Join Now