I am using laravel,
In browser If I directly give the URL as below :
http://....../resources/views/users/index.blade.php
It will show the page as below :
.
I can't show page to public as above image.
How can I block access to particular folder or files ?
You need to edit/create .htaccess file of the directory you want to prevent the direct access from people.
As per the solutions given here :
Solutions - 1
I would just move the includes folder out of the web-root, but if you want to block direct access to the whole includes folder, you can put a .htaccess file in that folder that contains just:
deny from all
That way you cannot open any file from that folder, but you can
include them in php without any problems.
Solution - 2
It's possible to use a Files directive and disallow access to all
files, then use it again to set the files that are accessible:
<Files ~ "^.*">
Deny from all
</Files>
<Files ~ "^index\.php|css|js|.*\.png|.*\.jpg|.*\.gif">
Allow from all
</Files>
Also, You can Refer to Article : How to Prevent a Directory Listing of Your Website with .htaccess
Related
I am using a common file called menubar.php which obviously shows menubar. I am using REQUIRE("menubar.php") in all the files which need menubar to be shown. The problem I am facing is I don't want the menubar to be displayed if I am accessing it through url ex. localhost/project/menubar.php.
That is how I prevented direct access from URL to your menubar.php file. Paste the following code in .htaccess file inside the directory where 'menubar.php' file is located.
<Files ~ "menubar.php">
Order allow,deny
Deny from all
</Files>
It will prevent to access menubar.php file via url, but it can access inside your server language.
i got folder called recordings on my server and i want to block access from anyone to it and its content and at the same time i want the ability to call the files inside the folder from other pages
i tried htaccess rule
Options -Indexes
its just block access to the folder but when i write specific file inside the folder the browser open it and i do not want that
and i tried another htaccess rule :
deny from all
but it make me not able to call the files on other pages and i want to be able to call them
so can anyone help me ?
Use below rule,
<Files ~ "*.php">
order deny,allow
deny from all
allow from 127.0.0.1
</Files>
How do I do to stop user/client to navigate in some of my website folders using URL like this:
www.site.com/main_folder/subfolder_Contaienr/files.php
www.site.com/main_folder/data/files.php
www.site.com/main_folder/data/also_here_text_files.txt
With this URL, the user can navigate to my folders and I do not want that he navigate to my website folders.
Also everyday I have some new folders. I use files in folder for external scope (e.g in some folder there are images and need to show users. In some folders are text files in which is JSON data or some users details.)
Is there any way to stop navigate to my folders using php Code without touching .htacess file?
It sounds like your website actually requires quite a bit of restructuring in order to achieve your goal properly but this .htaccess file can be a temporary, ahem tempermanent, band-aid in the root of your site which will deny access to all files except for whitelisted extensions:
www.example.com/.htaccess
Options -Indexes // Turn off directory listings
order allow,deny // Deny all file access
<Files ~ "\.(php|html|js|css|jpg|png|gif|ico|txt|pdf)$"> // separate file extension with a pipe |
allow from all
</Files>
I am using codeigniter and have put the assets folder in the root of the application that contains a .htaccess file having the content
Deny from all
This is causing problems when I want to connect to the assets folder to get the stylesheets etc. So my question here is is there any way that I can allow the access just to that assets folder, that I have?
I have never used .htacces files so have a very basic knowlege of it. I did some research on my own as well but I wasn't able to find the solution.
In your assets directory add another .htaccess file with the following:
# /assets/.htaccess
Allow from all
And I am assuming in your root directory you have the following (which you will leave):
# /.htaccess
Deny from all
Update: Based on your comment, what you are looking to do is not really possible. The browser needs to have access to your CSS file in order to use it on your page.
I have a master folder where I hold all of my resources such as js, css, images, etc. called /resources/.
In /resources/, I have php files I include on pages of my website, however, they're currently directly accessible if entered into the browser.
Is there a way for me to use .htaccess in that directory to prevent direct requests to any files of certain extensions such as PHP?
Hotlinking prevention isn't really what I'm looking for. I just need a way to kill any sort of direct request to these PHP files(in the /resources/ directory specifically) made by anything other than the website itself.
Any help is appreciated. Thank you very much.
Add a .htaccess in your /resources/ folder containing the following
<Files ~ "\.php$">
Order allow,deny
Deny from all
</Files>
It should prevent access to all .php files