I want to restrict access to some folders and files but only when a user tries to access to it through the url, not when the website access to these files. For example restrict the folders images, javascript,... I tried in different ways but I always got error 500. Basically, I don't want external users to list my website directory and open their files, if it is possible to accomplish.
Thanks in advance
This is pure mod_rewrite based solution:
RewriteRule ^(includes/|submit\.php) - [F,L,NC]
This will show forbidden error to use if URI contains certain paths.
You are getting a 500 error because the container cannot be used in an htaccess file (which is essentially all inside a directory container for the directory that it's in). What you need to do is remove the container from your htaccess file, and leave the Deny from all bit:
htaccess file in your document root:
Refuse direct access to all files
Order deny,allow
Deny from all
Allow from 127.0.0.1
Then create an htaccess file in the uploads/files/
, uploads/images/pages/
and uploads/images/store/ (and whatever other directories that you want to allow access to):
Allow from all
put .htaccess and edit with "Deny from all". That's it.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.