My Directory structure is like this.
Root
|
assets
|-js
|-css
|-img
action
|a.php
|-b.php
include
|-inc1.php
|-inc2.php
I'm using Option Options -Indexes in .htaccess file but i have to put this file in every directory. Is there a way i can use only one hraccess file and put rule on directories? Also i wanted to know .If i use htaccess will it stop my php file from accessing the resources from these directories?
Drupal uses this in the root directory to prevent client access to some files. "profile" and "module" are directories. [Correction: profile and module are directories, but in the Drupal expression below it is checked as an extension.]
# Protect files and directories from prying eyes.
<FilesMatch "\.(engine|inc|info|install|make|module|profile|test|po|sh|.*sql|theme|tpl(\.php)?|xtmpl|svn-base)$|^(code-style\.pl|Entries.*|Repository|Root|Tag|Template|all-wcprops|entries|format|LICENSE.txt)$">
Order allow,deny
</FilesMatch>
For you you'd want to change the matching rule to something like this:
<FilesMatch "^(assets|action|include)$">
It's normal to use just one .htacces file in the root directory. If you want to apply rules to particular directories without adding another .htaccess file, you may be able to apply rules based on the url if the url maps with the folders. It would be easier to help you if you provided a concrete example
Related
I have the following folder structure:
+users
-adduser.php
-viewuser.php
When a visitor navigates to example.com/users it's showing the folder structure. I need to restrict visitors ability to see the file listing, either by hiding it or removing it. How can I do that in php?
If you don't want to (or can't) deal with Apache configuration, create an empty file named index.html (or index.php if you prefer) in your users folder.
You can create a .htaccess file on root folder with following;
RewriteEngine on
Redirect 301 /users http://www.example.com/404.html
Then you just need to create 404.html in your website and change example.com with your domain.
Now your /users path will redirect to 404.html.
You can add the following to your Apache virtual host file:
<Directory "path_to_folder">
Options -Indexes
</Directory>
The above rule will disallow directory listing. It was suggested in this post: Using .htaccess, prevent users from accessing resource directories, and yet allow the sourcecode access resources
I am using codeigniter and have put the assets folder in the root of the application that contains a .htaccess file having the content
Deny from all
This is causing problems when I want to connect to the assets folder to get the stylesheets etc. So my question here is is there any way that I can allow the access just to that assets folder, that I have?
I have never used .htacces files so have a very basic knowlege of it. I did some research on my own as well but I wasn't able to find the solution.
In your assets directory add another .htaccess file with the following:
# /assets/.htaccess
Allow from all
And I am assuming in your root directory you have the following (which you will leave):
# /.htaccess
Deny from all
Update: Based on your comment, what you are looking to do is not really possible. The browser needs to have access to your CSS file in order to use it on your page.
I'm in a situation wherein I have file includes but I don't want other people going on the "includes" directory and viewing the pages individually via browser.
I'm quite familiar with how to approach it via inside the PHP files themselves but I want to use the .htaccess for preventing it this time.
So how do I configure .htaccess to prevent users NOT coming from a certain referrer from viewing the PHP files inside the "includes" folder?
.htaccess will work, but just to suggest an alternative - why not move your include directory outside the webroot? Your scripts can still access it, and there's no need to configure apache to deny access.
Put a .htaccess file in the directory you would like to not be viewed and put this in there:
order allow, deny
deny from all
This is the simple block all approach. More info on how to block by referer can be found here.
Hope this helps.
As lot of web hosting solutions explicitly limit you to working within the a public_html (or equiv) hierarchy. So I use a simple convention: if I don't want a file or directory to be private -- that is not accessible through a URI -- then I prefix its name with either a "_" or a ".", for example my PHP includes directory is called "_includes".
I use this pattern in my .htaccess files to enforce this:
SetEnvIf Request_URI "(^_|/_|^\.|/\.)" forbidden
<Files *>
Order allow,deny
Allow from all
Deny from env=forbidden
</Files>
You can use this approach, but modify the regexp to whatever suits your personal convention. One advantage is that it works with this template in your DOCROOT .htaccess file. You don't need to have .htaccess files in the restricted subdirectories.
:-)
I can't figure out how to use .htaccess to redirect when any file is accessed within a directory, or, how to redirect when a specific file type (eg. .txt or .php) is accessed.
I've got a directory called "contents" where I'm storing .txt files, these are pulled into the main page using php. However, I don't want users to be able to access the specific text files where the contents are, eg. going directly to .../contents/textfile.txt. I'd like if a user happened on a .txt file, or any file within the contents directory, to be redirected to the root site.
If this isn't the right approach, please let me know what would be so I can search to attack it from another way.
Thanks in advance!
I would prefer to lock the directory down, so that users are informed that it's an invalid directory. Create a .htaccess file in the contents-directory with the following text:
deny from all
If you want a redirect, you should investigate "mod_rewrite" - a module that is installed on many webhosts. It will probably be something similar to
RewriteEngine on
RewriteRule ^.+ http://www.example.com/ [R,L]
use the Deny Directive
add,
Order Deny,Allow
deny from all
allow from 127.0.0.1
into a .htaccess and place it in contents directory.
I want to restrict access to certain web directories in my website using .htaccess file. I know one way using
order allow,deny
deny from all
But it restricts only the first directory. It doesn't work for the remaining ones. Please help
You are wrong, using deny from all also applies to subdirectories.
i.e. unless there is another .htaccess inside the other sub directories that allows the access
Options -Indexes add this line at the top of the .htaccess file