Apache Deny Access to Folder/Contents
I have a directory on my server which contains PHP and image files.
I would like to be able to deny access to everything but the image files, the user should see a 403 if they try to access anything other then an image.
They should also not be able to see the index of page.
I have attached my sample code below it correctly denies access to documents but doesn't allow me to access the images.
The rule needs to apply to all documents folder, they could be located directly under the root or in subdirectories.
Expected output should be something like:
documents/folder/ Deny
documents/folder/image.jpg
sub/documents/folder/image
documents/folder/ Deny
documents/folder/bad.bad Deny
sub/directory/folder/bad.b
I would like to be able to deny access to everything but the image files, the user should see a 403 if they try to access anything other then an image.
They should also not be able to see the index of page.
I have attached my sample code below it correctly denies access to documents but doesn't allow me to access the images.
The rule needs to apply to all documents folder, they could be located directly under the root or in subdirectories.
Expected output should be something like:
documents/folder/ Deny
documents/folder/image.jpg
sub/documents/folder/image
documents/folder/ Deny
documents/folder/bad.bad Deny
sub/directory/folder/bad.b
<Directory ~ "documents">
Order allow,deny
Deny from all
</Directory>
<FilesMatch "documents(.*?)\.(gif|jpe?g|png)$">
Allow from all
</FilesMatch>
Who is Participating?
You can not deny access for a folder but then have access to a file in the folder. Instead of setting "deny" for the folder just remove the browse right from the folder.
You're on apache 2.x?
# httpd.conf
# match documents/ except .jpg or .png etc. at the end
<Directory ~ "documents/.*+(?<!\.jpg|\.png|\.gif)$">
Order allow,deny
Deny from all
</Directory>
Question has a verified solution.
Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.
Have a better answer? Share it in a comment.
All Courses
From novice to tech pro — start learning today.
Using LocationMatch instead fixes the issue and mean I can deny access to non images in the directory.