Reputation: 57723
.htaccess deny files in subfolders
I want to block access to "sub/folder/index.php", but not "index.php" anywhere else.
<Files index.php>
Order allow,deny
Deny from all
</Files>
works but blocks all "index.php" files.
<Files sub/folder/index.php>
Order allow,deny
Deny from all
</Files>
doesn't work. Do I need to use <Directory>?
I don't want to create an .htaccess file in the sub/folder
I don't have access to httpd.conf
I don't want to block everything in sub/directory
If it were that easy, I wouldn't be asking ;)
Upvotes: 12
Views: 25277
Answers (4)
Reputation: 14792
How about creating a .htaccess file in the specific folder containing the files you want to protect?
Edit:
Be careful, this actually does not work in a simple .htaccess file, see comments below. This will only work in an apache.conf file.
This should to the trick for you without another .htaccess file:
<Directory sub/folder>
<Files index.php>
Order allow,deny
Deny from all
</Files>
</Directory>
Upvotes: 1
Reputation: 30536
I think the simpliest rule is:
RedirectMatch 403 ^.*/sub/folder/index\.php$
RedirectMatch is in mod_alias module, that you certainly have. This does not implies mod_rewrite engine. Here we are simply telling apache that any access to sub/folder/index.php will generate a "403 forbidden" answer.
You can put that in a httpd.conf or in the root .htaccess (but really consider removing all .htaccess, it's bad, it's slow, it's sad that you do not have access to the real configuration files).
Upvotes: 23
Reputation: 181077
You can only use file names in <Files> sections, not paths.
There are three options I can see;
- Put a .htaccess file in the same folder as the file.
- Put the configuration in apache.conf using a <Directory> directive and a <Files> directive. <Directory> does not work in .htaccess files, only apache.conf
- Create a rewrite rule using mod_rewrite a'la;
-
RewriteEngine on
RewriteRule ^sub/folder/index.php$ http://yoursite/index.locked
Will give a 404 on the file, if you want a permission denied, create a read protected file at the pointed to location.
Upvotes: 0
Reputation: 1325
I try creating another .htaccess in that sub/folder/ to block the access to that index.php.
"If you place a .htaccess file in a sub-folder, its directives will override the ones that you have in your site main folder."
This page has further information: http://www.besthostratings.com/articles/htaccess.html
Upvotes: 2
Related Questions
- Deny access to some subdirectories via .htaccess
- How to use .htaccess deny from all on subdirectory
- Deny files with .htaccess
- htaccess deny from all in specific subfolder
- deny access to all subdirectories using htaccess
- Deny access to sub folders but not files
- Block access to files and sub directory with .htaccess?
- Deny access to subdirectories using htaccess
- .htaccess deny all except some directories
- .htaccess deny all subfolder in given folder