Edward
Reputation: 4631
Hiding files even from authenticated users using .htaccess
I'd like to use settings in my .htaccess-file to exclude certain files from being displayed.
- For some files (here
data/important.json) I want that even authenticated users are exceluded from viewing the content those files. - For other files (here
showerror.php) I'd like to give access to everyone.
The .htaccess-file in my root directory contains:
SetEnvIf Request_URI ^/showerror.php noauth=1
#SetEnvIf Request_URI ^/data/important.json noway=1
Order Deny,Allow
Satisfy any
Deny from all
Require user TestUser
Allow from env=noauth
#Deny from env=noway
The .htaccess-File of the folder /data/ contains:
<Files "important.json">
#Order Allow,Deny
Deny from all
</Files>
It seems that the Satisfy any allows authenticated users to view the file. So is there a way to also exclude authenticated users from viewing the content of important.json?
Upvotes: 2
Views: 55
Answers (1)
R_User
Reputation: 11082
You can simply overwrite the require of your root-.htaccess with the following require-setting in the .htaccess of your subdirectory:
Require all denied
Also see: https://httpd.apache.org/docs/current/upgrading.html
If you'd like to do this file by file, use:
<Files "important.json">
Require all denied
</Files>
Upvotes: 2
Related Questions
- .htaccess, order allow, deny, deny from all: confusion
- website showing 403-forbidden, .htaccess file has changed because of back up
- How to remove .htaccess password protection from a subdirectory
- htaccess <Directory> deny from all
- cloudflare user-agent in htaccess
- Allow single URL from htaccess file using a regex?
- extra trailing slash mod-rewrite
- block mobile (iOS / Android) access to a single CMS page in magento
- Problem with path on using .htaccess