I am new in php i want to restrict user for folder access user can not access my images folder and i have one thumb folder in that images folder what should i do for that.
exammple :- i have one folder _cat_img and in that i have one more folder that name is thumb. i want to restrict user for both folders
i am try to use code with .htaccess but it's not working.
i am using this in htaccess
**Deny from All**
but it is restrict all folders what should i do to to restrict user for particular folder access any one help me for this
Use Directory apache directive for specifying a particular directory. Then give access directives (allow or deny) inside it.
<Directory "fullpath/_cat_img">
Order Deny,allow
Deny from all
</Directory>
<Directory "full_path/thumb">
Order Deny,allow
Deny from all
</Directory>
Edit
To activate .htaccess edit your apache conf and inside virtual host section of your website add these.
<Directory documnet_root>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
Restart apache.
Related
I want to hide my uploads folder but i want to access it via php . Is this possible with .htaccess ?
I tried something but didn't worked.
<files "/uploads">
order allow,deny
deny from all
</files>
<folders uploads>
Order Allow,Deny
Deny from all
</folders>
You're almost there, but it depends on what version of Apache you're using also.
The above method you're trying is if you want to block access to a specific file, if you want to block a folder, then add your .htaccess file to that folder and just use:
Below 2.4:
deny from all
2.4 or above:
Require all denied
IMPORTANT EDIT
You can just upload a .htaccess to the folder that you want to block with the following:
Deny from all
If there is some issue, add:
Allow from 127.0.0.1
It worked well for me.
Original answer
Try:
<Directory "/uploads">
Order allow,deny
Deny from all
Allow from 127.0.0.1
</Directory>
EDIT:
The code above will deny all except the local ip (of your server).
As thickguru said, it also depends on your apache version. Here are some other ways to do it:
<Directory "/uploads">
Require local
</Directory>
It will only allow if requested by the server (your script or somewhat on the server).
Or:
<Directory "/uploads">
Require ip 127.0.0.1
</Directory>
The same as above, but using the local adress. You can also add other ips to it. All the ips that you add there will be allowed to access the folder.
I have a webserver with apache, say ip is 12.345.678.90. In my www directory there are a few sites, say, site1 and site2. Both belong to the same ip address - I created virtual hosts. Websites are on cakephp framework and there are a lots of directories, for example, app, app/tmp, lib, lib/Cake etc. When accessing the website like http://site1.com or http://site2.com everything is all right, and no way these directories can be viewed or accessed, but through ip I can see everything.
http://12.345.678.90/
http://12.345.678.90/site1/lib
http://12.345.678.90/site1/app
http://12.345.678.90/site1/app/tmp
etc - all this directories with containing files for each site are visible. So, how I can prevent any kind of access through ip address ? Actually when opening just the ip http://12.345.678.90 it just shows nothing, as I had created empty index.html file, but I cant do that for all the folders,(or create htaccess for each directory). Can this be handled through single htaccess, or maybe better, by apache config, or by some other way ?
Thanks
Try this
To disable Directory Listing
In your Apache configuration file (httpd.conf) file locate the directory section eg: /var/www/html
<Directory "/var/www/html">
Options Indexes FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
</Directory>
Remove the word Indexes or change Indexes to -Indexes
Then restart your Apache server service httpd restart
To Restrict Access: Directory Level
You can restrict access to certain directories by adding the following
<Directory "/var/www/html/site1/mydirectory">
Order allow,deny
Deny from all
</Directory>
By adding the above configuration to apache conf file the mydirectory will be blocked/restricted from access.
To Restrict Access: File Level
If you want to restrict a certain file in a directory. Add -
<Directory "/var/www/html/site1/mydirectory">
Order allow,deny
Allow from all
<Files myfile.php>
Order allow,deny
</Files>
</Directory>
To prevent access of all files by IP Address
<Files ~ ".+">
Order allow,deny
Deny from all
</Files>
this should work(add it to you main .htaccess file)
Options All -Indexes
this wont't allow other to see the files in your folder
is It possible to restrict a subdomain from accessing its parent domain? For example
I have a domain called example.com which files are in /public_html
then I have a subdomain, name.example.com, which is located in /public_html/name. Now I want to prevent the files in the subdomain from accessing the files in the parent domain in every way. So , that includes, JavaScript and PHP, but PHP is allowed on both the subdomain and parent domain
any solutions for this?
thanks in advance
You should configure your apache httpd.conf file, please see Security Tips
<Directory />
Require all denied
</Directory>
This will forbid default access to filesystem locations. Add appropriate Directory blocks to allow access only in those areas you wish. For example,
<Directory /usr/users/*/public_html>
Require all granted
</Directory>
<Directory /usr/local/httpd>
Require all granted
</Directory>
I have folder containing several files and sub-folders such as the following:
-/folder
-/subfolder
-/subfolder
-/subfolder
-/etc...
-index.html
-control.php
-ads.php
-/etc...
Now I want to disable work PHP or other files in main directory only (-/folder) like (-index.html, -control.php) , but all sub-folder files I want to works well.
I want to have effect on the files within that main folder only .
If I understand the question correctly, you need a .htaccess in the given directory with this content:
deny from all
Edit: Since as far as I know .htaccess rules apply to all subdirectories as well, you might have to create a .htaccess file in each subdir to override the restriction specified for root
allow from all
The configuration directives found in a .htaccess file are applied to
the directory in which the .htaccess file is found, and to all
subdirectories thereof.
http://httpd.apache.org/docs/current/howto/htaccess.html#how
You can use multiple directives to override the first directive
<directory /path/to/dir>
Order Allow,Deny
Deny from All
</directory>
<directory /path/to/dir/subdir>
Order Deny,Allow
Allow from All
</directory>
If you are using apache, you can add to your virtual-host the
<directory /path/to/dir>
Order allow,deny
Deny from All
</directory>
directive for each sub-directories, see http://httpd.apache.org/docs/2.2/howto/access.html
(I hope I understand your need)
Edit
if you need to filter files instead of directories, you can use a glob matching like that
<Files *.php>
Order allow,deny
Deny from All
</Files>
See http://httpd.apache.org/docs/2.2/en/mod/core.html#files
I am doing PHP web application, with Apache.
There are a few configuration files ( like App.yml) whose content I don't want to expose to users under whatsoever circumstances. Is there anyway that I can tweak my Apache setting so that these files won't be available when hostile users query for them?
The best option would be to place the files outside of your document root.
If that's not possible, you can deny access to them in apache .conf file (or a .htaccess file) with
<Directory /path/to/dir>
Deny from all
</Directory>
You can create a .htaccess file in that directory and place in it
order deny,allow
deny from all
You can also do this if you only want to block one file.
<Files filenamehere>
order deny,allow
deny from all
</Files>