htaccess <Directory> deny from all
Apache.HtaccessApache2Apache Problem Overview
I've been cleaning up my project lately. I have a main .htaccess in the root directory and 6 others. 5 of them ran Options -Indexes
which i didn't see anypoint of allowing any Directory viewing so moved that to the main one. so now i only have 2 .htaccess files. the main and one in /system
which holds
# Block External Access
deny from all
So i wanted to run that on /system
only from within the main. So i deleted the one in /system and added
# Block External Access
<Directory "/system/">
deny from all
</Directory>
to my main .htaccess file leaving 1!
but now i get a
> Internal Server Error > > The server encountered an internal error or misconfiguration and was > unable to complete your request. > > Please contact the server administrator, webmaster@localhost and > inform them of the time the error occurred, and anything you might > have done that may have caused the error. > > More information about this error may be available in the server error > log. > > Apache/2.2.17 (Ubuntu) Server at 10.0.1.5 Port 80
The goal is to block reading any files in /system and it's sub directory's but allow viewing of everything else all from one .htaccess
file for the whole project. Any ideas on how i can fix this? I did some Google searches but couldn't really come out with anything.
Apache Solutions
Solution 1 - Apache
You cannot use the Directory directive in .htaccess. However if you create a .htaccess file in the /system directory and place the following in it, you will get the same result
#place this in /system/.htaccess as you had before
deny from all
Solution 2 - Apache
You can also use RedirectMatch directive to deny access to a folder.
To deny access to a folder, you can use the following RedirectMatch in htaccess :
RedirectMatch 403 ^/folder/?$
This will forbid an external access to /folder/ eg : http://example.com/folder/ will return a 403 forbidden error.
To deny access to everything inside the folder, You can use this :
RedirectMatch 403 ^/folder/.*$
This will block access to the entire folder eg : http://example.com/folder/anyURI will return a 403 error response to client.
Solution 3 - Apache
You can use from root directory:
RewriteEngine On
RewriteRule ^(?:system)\b.* /403.html
Or:
RewriteRule ^(?:system)\b.* /403.php # with header('HTTP/1.0 403 Forbidden');