TimNguyenBSM

Reputation: 827

Protect access to files and folders via url

In my .htaccess file, I am using the below to prevent direct access to folders:

Options -Indexes

I am using the below to prevent access to a critical file of ours:

<Files admin.php>
    Order Deny,Allow
    Deny from all
    Allow from 127.0.0.1
    Allow from (my ipaddress)
</Files>

So now users can't go to www.domain.com/scripts, as it throws a 404 error, nor can they access admin.php.

But how do I prevent direct access to all?

For example, if someone knew the filename, they can still get to it, such as: www.domain.com/scripts/process.php

What to do?

Upvotes: 2

Views: 2391

Answers (1)

anubhava

Reputation: 785146

Using mod_rewrite:

Put this rule on top of all other rules:

RewriteRule ^scripts(/.*|)$ - [F,NC]

Without using mod_rewrite:

Put this code in scripts/.htaccess:

Order Deny,Allow
Deny from all

UPDATE: To block direct access to all files:

# If the request is for a valid file
RewriteCond %{REQUEST_FILENAME} -f
RewriteCond %{THE_REQUEST} \..+[\s?]
# return forbidden error if not static files
RewriteRule (?!^.+\.(?:jpe?g|gif|bmp|png|tiff|css|js)$)^.*$ - [F]

Upvotes: 2
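
The two regular expressions in the UPDATE rule above can be exercised offline before they go into a live .htaccess. This is an added example, not part of the original answer: a simplified Python model in which `is_forbidden`, `EXISTING_FILES` and the sample requests are constructed, assuming per-directory context (the rule pattern sees the path without a leading slash) and that Python's `re` treats these patterns the same way PCRE does.

```python
import re

# Patterns copied verbatim from the answer's UPDATE rule.
THE_REQUEST_COND = re.compile(r"\..+[\s?]")
RULE_PATTERN = re.compile(r"(?!^.+\.(?:jpe?g|gif|bmp|png|tiff|css|js)$)^.*$")

# Constructed file listing, relative to the directory holding .htaccess.
EXISTING_FILES = {
    "admin.php", "scripts/process.php",
    "img/logo.png", "img/BANNER.PNG", "css/site.css",
}

def is_forbidden(request_line, mapped_path, files=EXISTING_FILES):
    """Model of the rule: True means the request would get 403.

    request_line -- raw first line of the HTTP request (%{THE_REQUEST});
                    it never changes during internal rewrites.
    mapped_path  -- path the URL currently maps to (after any internal
                    rewrite), relative and without a leading slash.
    """
    if mapped_path not in files:                    # %{REQUEST_FILENAME} -f
        return False
    if not THE_REQUEST_COND.search(request_line):   # %{THE_REQUEST} \..+[\s?]
        return False
    # RewriteRule pattern: matches unless the path ends in a listed extension.
    return RULE_PATTERN.search(mapped_path) is not None

# Constructed sample requests: (request line, path it maps to).
SAMPLES = [
    ("GET /scripts/process.php HTTP/1.1", "scripts/process.php"),  # direct hit
    ("GET /img/logo.png HTTP/1.1", "img/logo.png"),                # static file
    ("GET /css/site.css?v=1.2 HTTP/1.1", "css/site.css"),          # static + query
    ("GET /img/BANNER.PNG HTTP/1.1", "img/BANNER.PNG"),            # no [NC] flag
    ("GET /process HTTP/1.1", "scripts/process.php"),              # internal rewrite
    ("GET /process?ref=a.b HTTP/1.1", "scripts/process.php"),      # dot in query
    ("GET /missing.php HTTP/1.1", "missing.php"),                  # not a file
]

def evaluate_samples():
    """Return {request_line: forbidden?} for every constructed sample."""
    return {req: is_forbidden(req, path) for req, path in SAMPLES}

if __name__ == "__main__":
    for req, blocked in evaluate_samples().items():
        print(f"{'403' if blocked else 'ok ':4} {req}")
```

In this model the uppercase `.PNG` file is refused because the rule has no `[NC]` flag, and a dot anywhere in the query string satisfies the `THE_REQUEST` condition even when the URL path itself has no extension.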
