How to deny access to files, folders through htaccess file. In this tutorial, We are going to learn .htaccess directives through which we can deny direct access to files and folders.
How to Deny Access to Files, Folders through htaccess
What is .htaccess File?
.htaccess is a configuration file used by a web server (Apache). The full form of htaccess is Hypertext Access. Htaccess files are used to override server global configuration for the directory level in which you place this file.
.htaccess file contain directives, which is read by webserver (Apache) and apply them to the directory level where this htaccess file is placed.
Why we use the .htaccess File?
The .htaccess file is very useful when
i) You don’t have an access to httpd.conf file (Apache main configuration file).
ii) You want to enforce some directory level configuration.
Imagine you have more than one website running on the same server and you want to configure different rules for each website. In that case, you won’t change global configuration (httpd.conf file) as it applies to both the websites. In that case, the .htaccess file is an ideal way to specify changes.
Application of .htaccess File
There are a lot of things you can do through by using the .htaccess file. Here’s the list of some useful things you can easily do by using the .htaccess file.
Password Protect a Folder through .htaccess
URL Rewriting – Create Seo-Friendly through .htaccess
How to Prevent Image hotlinking through .htaccess File
How to Leverage browser Caching through .htaccess File
How to Deny Access to Files, Folders through htaccess
To prevent direct access of all the files and folders of your project. Create a .htaccess file in the root of your project directory structure. Then open the .htaccess file and write this directive deny from all.
|
1 |
deny from all |
Now you are done. If you want to check whether this directive is working or not. Try to access any file or folder of your project. You will get the following message.
|
1 2 3 4 5 |
Forbidden You don't have permission to access /example/ on this server. Apache/2.4.7 (Ubuntu) Server at localhost Port 80 |
How to Password Protect Folder through .htaccess
How to Deny Access to a Certain File Types through .htaccess
Now we have discussed how to prevent direct access to files and folders through .htaccess. But sometimes we need to prevent certain file types for direct access. Let’s understand how to prevent the access of certain file types.
How to Deny Access to all Files with .php Extension through htaccess
|
1 2 3 4 |
<Files ~ "\.php$"> Order allow,deny Deny from all </Files> |
How to Deny all Files with .inc Extension
|
1 2 3 4 |
<Files ~ "\.inc$"> Order allow,deny Deny from all </Files> |
How to Deny Access to a Single File through .htaccess
Suppose, I want to prevent an access to a specific file. Let’s take an example of config file which has all the system configuration. config.php is one example, you can include any PHP file. To disallow the access to single you need to mention the file name in .htaccess.
Deny access to config.php file through htaccess
|
1 2 3 4 |
<Files config.php> order allow,deny Deny from all </Files> |
2. How to Deny Access to .htaccess file.
|
1 2 3 4 |
<Files ~ "^\.htaccess"> Order allow,deny Deny from all </Files> |
How to Prevent Any Direct Directory Browsing through htaccess
Deny access to an app folder.
|
1 2 3 4 |
<Directory ~ "\app"> Order allow,deny Deny from all </Directory> |
Put this code in your .htaccess file to prevent any direct directory browsing through the browser.
|
1 2 |
# directory browsing Options All -Indexes |
There is a lot of things which can be done through .htaccess files. Read How to leverage browser caching through .htaccess file
