Reputation: 69981
How can I deny all but one directory name with .htaccess?
I have this .htaccess file where I prevent users from physically accessing files from the browser (where they should only be loaded through the system)
Options -Indexes
Order deny,allow
deny from all
I have one problem though, sometimes I load files via AJAX and there I get 403 Forbidden. I have little experience with apache's mod_access. I've been reading up on the directory directive since all my AJAX based files are in one directory called ajax.
But the thing is I need to deny access to all directories except ones called ajax and my regex skills are lacking.
An example directory structure is like this.
plugins/inventory/ajax
plugins/inventory/controller
plugins/inventory/view
plugins/packages/ajax
plugins/packages/controller
plugins/packages/view
The .htaccess file sits in the plugins directory.
Upvotes: 3
Views: 4517
Answers (1)
Reputation: 124257
That you need to do this in the first place is kind of a failure of project architecture. Script files that shouldn't ever be accessible to the Web shouldn't be inside your DocumentRoot in the first place.
That said, this will probably work:
RewriteEngine on
<DirectoryMatch "/(?!.*/ajax$)">
Order deny,allow
Deny from all
</DirectoryMatch>
Upvotes: 5
Related Questions
- Deny access to one specific folder in .htaccess
- htaccess - Block access to a directory but allow access to files in a specific directory
- Deny access to all folders except a few ones using htaccess
- How to deny access to multiple folders using one .htaccess?
- .htaccess prevent access except one directory
- .htaccess - How to deny all directories except one?
- Block only directories using .htaccess
- .htaccess deny all except some directories
- ignore specific directories in htaccess using mod_rewrite
- forbid access to the all directories except one using .htaccess