Solved

block root and subfolder using single .htaccess with deny/allow

Posted on 2011-09-06
4
1,305 Views
Last Modified: 2013-12-13
Is it possible to restrict access to the root folder and a sub folder using one .htaccess? Using deny/allow?

I have one .htaccess file in the root which has:

order deny,allow
deny from all
allow from 127.0.0.1
allow from 127.0.0.2

This blocks access to the root for all IP addresses other than 127.0.0.1 and 127.0.0.2

However I would also like to block a subfolder but I can't add another .htaccess file to any sub folders but I get internal server error if I have this:

order deny,allow
deny from all
allow from 127.0.0.1
allow from 127.0.0.2

<Directory "/xxxx/xxxx/xxxx/xxxx/domain.tld/images">
Options All
AllowOverride All
Order allow,deny
deny from all
</Directory>

Please advise
0
Comment
Question by:ellandrd
4 Comments
 
LVL 9

Expert Comment

by:parparov
ID: 36492453
What does Apache log say when you try to access that URL?
0
 
LVL 50

Accepted Solution

by:
Steve Bink earned 500 total points
ID: 36517728
You get an error because the <Directory> container can only be used in the server config or <VirtualHost> container.  If you need a per-directory setting in an .htaccess file using Allow/Deny, you need to put that file in the target directory.

Another option is to use mod_rewrite.  The parent's .htaccess file will still be processed in the chain.  Something like this:

RewriteRule ^/?images(/.*)? - [F]

Open in new window

0
 
LVL 77

Expert Comment

by:arnold
ID: 36517820
You need to alter the order of your to allow, deny.
http://www.maxi-pedia.com/Order+allow+deny

If you are blocking/restricting access at the root, what additional restrictions are you placing down the road?

Where are you adding the extended directory?

use apachectl configtest to test the configuration file httpd.conf.
0

Featured Post

Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you are a web developer, you would be aware of the <iframe> tag in HTML. The <iframe> stands for inline frame and is used to embed another document within the current HTML document. The embedded document could be even another website.
Nothing in an HTTP request can be trusted, including HTTP headers and form data.  A form token is a tool that can be used to guard against request forgeries (CSRF).  This article shows an improved approach to form tokens, making it more difficult to…
Viewers will get an overview of the benefits and risks of using Bitcoin to accept payments. What Bitcoin is: Legality: Risks: Benefits: Which businesses are best suited?: Other things you should know: How to get started:
The viewer will learn how to dynamically set the form action using jQuery.

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now