Deny access to one specific folder in .htaccess

I'm trying to deny users from accessing the site/includes folder by manipulating the URL.

I don't know if I have to deny everything and manually make individual exceptions to allow, if I can just deny this one folder, or if there's a rewrite function that can be used.

Specific example: I don't want to see the directory files by typing in localhost/site/includes into the URL.

Create site/includes/.htaccess file and add this line:

Deny from all

deny direct access to a folder and file by htaccess, I would just move the includes folder out of the web-root, but if you want to block direct access to the whole includes folder, you can put a  How to Deny Access to Files, Folders through htaccess To prevent direct access of all the files and folders of your project. Create a .htaccess file in the root of your project directory structure.  Then open the.htaccess file and write this directive deny from all.

You can also deny access to a folder using RedirectMatch

Add the following line to htaccess

RedirectMatch 403 ^/folder/?$

This will return a 403 forbidden error for the folder ie : http://example.com/folder/ but it doest block access to files and folders inside that folder, if you want to block everything inside the folder then just change the regex pattern to ^/folder/.*$ .

Another option is mod-rewrite If url-rewrting-module is enabled you can use something like the following in root/.htaccss :

RewriteEngine on

RewriteRule ^folder/?$ - [F,L]

This will internally map a request for the folder to forbidden error page.

Using .htaccess to restrict access to Files and Directories, Using . htaccess to restrict access to Files and Directories. Deny Access to .htaccess Itself. Add the following lines in your . htaccess file to prevent access to . Disable Directory Indexing. The following line in . Prevent access to certain files. Even if you remove directories and files from listing, they are still Three most important security settings you should consider adding to your .htaccess file are: 1. Deny Access to .htaccess Itself. 2. Disable Directory Indexing. 3. Prevent access to certain files.

In an .htaccess file you need to use

Deny from  all

Put this in site/includes/.htaccess to make it specific to the includes directory

If you just wish to disallow a listing of directory files you can use

Options -Indexes 

How to block access to a specific folder?, To block all access to a specific folder in your account, you should add this rule to the .htaccess file in that folder: Deny from all. If the .htaccess file does not exist,  Now, if you want to allow access from all IP addresses but restrict access from a specific one, you can use this format: order allow,deny deny from UndesiredIP allow from all. Here, as in the previous example, replace UndesiredIP with the IP address you want to restrict. Make sure to save the .htaccess file to apply the changes. If you want to

We will set the directory to be very secure, denying access for all file types. Below is the code you want to insert into the .htaccess file.

Order Allow,Deny 
Deny from all 

Since we have now set the security, we now want to allow access to our desired file types. To do that, add the code below to the .htaccess file under the security code you just inserted.

<FilesMatch "\.(jpg|gif|png|php)$">
Order Deny,Allow
   Allow from all
</FilesMatch>

your final .htaccess file will look like

Order Allow,Deny 
Deny from all 

<FilesMatch "\.(jpg|gif|png|php)$">
Order Deny,Allow
   Allow from all
</FilesMatch>

Source from Allow access to specific file types in a protected directory

Deny access to subfolder and file with .htaccess, Instead of file directive try using location : <Location "path/to/folder-or-file"> Order Allow,Deny Deny from all </Location>. Below is the code you want to insert into the .htaccess file. Order Allow,Deny Deny from all Since we have now set the security, we now want to allow access to our desired file types. To do that, add the code below to the .htaccess file under the security code you just inserted.

You can create a .htaccess file for the folder, wich should have denied access with

Deny from  all

or you can redirect to a custom 404 page

Redirect /includes/ 404.html

How do I deny access to my site with an .htaccess file? – DreamHost , If you wish to block access to files in a directory during a specific time of day, then you can do so by adding the following code to an .htaccess  You can use the following in htaccess to allow and deny access to your site : SetEnvIf remote_addr ^1\.2\3\.4\.5$ allowedip=1 Order deny,allow deny from all allow from env=allowedip We first set an env variable allowedip if the client ip address matches the pattern, if the pattern matches then env variable allowedip is assigned the value 1 .

Deny Access to Files, Folders through htaccess, How to Deny Access to a Certain File Types through .htaccess. Now we have discussed how to prevent direct access to files and folders  Create .htaccess file inside the desired folder with the following contents: Deny from all Edit apache2.conf or httpd.conf , whatever you find in Apache2 directory (probably located in /etc/apache2 ).

Use .htaccess to block *All* access to specific folders, You can just create a .htaccess with. DENY FROM ALL. for the folders (put the file it in those). Also with mod_rewrite on www/.htaccess: RewriteEngine On  This can be done via the htaccess file. Below are the instructions for preventing access to specific files via the .htaccess file. Preventing access to certain files via htaccess. First, you will need to log into your cPanel to access the htaccess file. Find the Files category and click on the File Manager icon.

10 Useful htaccess Code Snippets & Hacks, At its basic level, it controls access to your sites directories. If you want to block access to a particular file, including .htaccess itself, use the  Step 4: Inside you will see the .htaccess file. Right-click on it. And choose the option to edit. Once you access the file, place the following snippet of code in it. # Deny access to .htaccess <Files .htaccess> Order allow,deny. Deny from all </Files> This is will restrict users from accessing your .htaccess file. Simple, isn’t it?

Comments
  • just to disallow listing directories write Options -Indexes in .htaccess file located in root folder
  • Hey!! anubhava I've used this to disable direct access to my api files inside /api folder but now all webservice call sending 403 forbidden status .. I just want to block access when someone access it from browser.
  • For a webserver there is no real difference between requests between browser and non-browser.
  • I use of nginx and I can not use of .htaccess. so, how can I do that without .htaccess ? thanks
  • How can I access the files of folder/sub folder if I deny from all? The files into folder/sub folder gives 404 error.
  • Deny from all won't give 404 but 403. You can still access file/folders using PHP/Perl etc but not using a web request. You can open a new question if that didn't answer your query.
  • With Apache 2.22 the best solution is the first one: RedirectMatch.....
  • Much prefer this answer, rather than creating multiple .htaccess files in every directory that I need to deny access for.
  • This does not disable file listing, but tells the autoindexer to ignore all files when constructing the index. To disable file listing, you'd use Options -Indexes.