How to deny access to a file in htaccess

Question

I have the following  htaccess file   RewriteEngine On RewriteBase      Protect the htaccess file  lt Files  htaccess gt  Order Allow Deny Deny from all  lt  Files gt     Protect log txt  lt Files   inscription log txt gt  Order Allow Deny Deny from all  lt  Files gt     Disable directory browsing Options All -Indexes   I am trying to forbid visitors to access the following file   domain com inscription log txt   but what I have above does not work  I can still access the file from the browser remotely

User · Accepted Answer

Within an htaccess file  the scope of the  lt Files gt  directive only applies to that directory  I guess to avoid confusion when rules directives in the htaccess of subdirectories get applied superceding ones from the parent    So you can have    lt Files  log txt  gt      Order Allow Deny   Deny from all  lt  Files gt    For Apache 2 4   you d use    lt Files  log txt  gt      Require all denied  lt  Files gt    In an htaccess file in your inscription directory  Or you can use mod rewrite to sort of handle both cases deny access to htaccess file as well as log txt   RewriteRule     htaccess  -  F L   RewriteRule    inscription log  txt  -  F L

User · Answer

I don t believe the currently accepted answer is correct  For example  I have the following  htaccess file in the root of a virtual server  apache 2 4     lt Files  reminder php  gt  require all denied require host localhost require ip 127 0 0 1 require ip xxx yyy zzz aaa  lt  Files gt    This prevents external access to reminder php which is in a subdirectory  I have a similar  htaccess file on my Apache 2 2 server with the same effect    lt Files  reminder php  gt          Order Deny Allow         Deny from all         Allow from localhost         Allow from 127 0 0 1      Allow from xxx yyy zzz aaa  lt  Files gt    I don t know for sure but I suspect it s the attempt to define the subdirectory specifically in the  htaccess file  viz  lt Files   inscription log txt gt  which is causing it to fail   It would be simpler to put the  htaccess file in the same directory as log txt i e  in the inscription directory and it will work there

User · Answer

Place the below line in your  htaccess file and replace the file name as you wish  RewriteRule   test  php  -  F L NC

User · Answer

Strong pattern matching     This is the method that I use here at Perishable Press  Using strong pattern matching  this technique prevents external access to any file containing     hta         HTA     or any case-insensitive combination thereof  To illustrate  this code will prevent access through any of the following requests     htaccess  HTACCESS  hTaCcEsS testFILE htaccess filename HTACCESS FILEROOT hTaCcEsS     etc   etc  Clearly  this method is highly effective at securing your site   s HTAccess files  Further  this technique also includes the fortifying    Satisfy All    directive  Note that this code should be placed in your domain   s root HTAccess file     STRONG HTACCESS PROTECTION  lt Files           Hh  Tt  Aa    gt  order allow deny deny from all satisfy all  lt  Files gt

User · Answer

Well you could use the  lt Directory gt  tag for example    lt Directory  inscription gt     lt Files log txt gt      Order allow deny     Deny from all    lt  Files gt   lt  Directory gt    Do not use    because if you just use   it looks at the root directory of your site   For a more detailed example visit http   httpd apache org docs 2 2 sections html

[.htaccess] How to deny access to a file in .htaccess

Examples related to .htaccess