This question already has answers here:
How do I disable directory browsing?
(14 answers)
Closed 5 years ago.
I have a web application developed in PHP.
My requirement is to block a folder which contains uploaded documents.
For example, if a user click a document link on the application, it should open
http://localhost:1987/enterprise_resource_planning/uploads/students/documents/1499866795_100_100.pdf
if a user execute below url, it should block
http://localhost:1987/enterprise_resource_planning/uploads/students/documents/
I've tried .htaccess with Deny from all, but it is blocking everything.
Any solution for this senario ?
possible solutions:
place a file index.html or index.php in the directory
define in your httpd.conf Options -Indexes
place that line in .htaccess
personnally I prefer the 2nd line. There hardly ever is use for automatical listing of the files to a browsing visitor.
Related
This question already has answers here:
Apache .htaccess <FilesMatch> // Setting as forbidden subfolder files
(2 answers)
How to make a subfolder unreachable and files undownloadable from root directory using htaccess?
(1 answer)
Closed 5 months ago.
I want to prevent users from directly accessing specific folder files by hitting URLs in browsers like https://sampledomain.com/folder/1.jpg.
For that I implemented this code in .htaccess
<FilesMatch "\.(jpg|png|txt|zip|rar|)$">
Order Allow,Deny
Deny from all
</FilesMatch>
But It applied to all the directories available inside my server. I want to prevent user from directly accessing specific directory files.
Can anyone please help with the same?
This question already has answers here:
Allowing only localhost to access a folder where all inclusive php files exist
(5 answers)
Closed 5 years ago.
I have lot's of PHP pages in public_html folder. But I want nobody to open them except me. I don't have any registration or anything else. I just don't want anybody access them. Is this possible? Those pages are for getting reports form database.
I've tried .htaccess but not a useful try.
Just include
Option -Indexes
in .htaccess file and save it.
Then nobody will get access to that. Thanks.
The Apache .htaccess file is meant to rewrite responses by either granting or denying access to users based off the request made.
You can use an .htpasswd file in conjunction with you .htaccess file to selectively grant or deny users access to your resources by requiring authentication via a password.
This question already has answers here:
configure only allow specific domains to access certain folders using .htaccess
(4 answers)
Closed 6 years ago.
I have the following scenario:
I have text, images, videos in my root folder.
The data is sensitive
I would like to:
Limit any public direct access, but I would like to be able to access/copy them from a particular domain like abc.com.
Is this possible using .htaccess, if yes than how?
on the folder you wish to protect create an .htaccess file and put on it
Order Deny,Allow
Deny from all
Allow from Your_IP_ADDRESS
This question already has answers here:
URL rewriting with PHP
(5 answers)
Closed 8 years ago.
I have a file named index.php that contains some code and its directory address is:
http://www.example.com/user/index.php
I want to open this page in the root directory so that user think this is index page like this:
http://www.example.com/index.php
In this way my php file address is www.example.com and not www.example.com/user
What is the simplest way to do this?
This is handled by your web server, not PHP. Check your Apache / IIS / etc settings for DocumentRoot of given VirtualHost definition.
As SGT noted you can also use URL Rewriting, but again, that too is handled by the web server and has nothing to do with PHP.
This question already has answers here:
Closed 10 years ago.
Possible Duplicate:
Hotlinking my Cascading Style Sheets
This is a bit of a follow up to this question .htaccess don't allow user to view my folder files that don't have index.php which worked perfectly for blocking directory level access, but it still doesn't block direct access if someone knew the url
i.e. domain.com/css/ is forbidden, but domain.com/css/main.css shows the css file
how would i block direct access to that file? it seems like such a standard thing but i can't find anything for it
You can set restrictions like this:
Order Deny, Allow
Deny from all #everyone will not be allowed except the following line
Allow from 127.0.0.1 123.123.123.123 #allowed hosts separated by space
In the .htaccess for the directory, you can write:
Deny from All
This way nobody will be able to access anything in the directory remotely.