htaccess <Directory> deny from all
I've been cleaning up my project lately. I have a main .htaccess in the root directory and 6 others. 5 of them ran Options -Indexes
which i didn't see anypoint of allowing any Directory viewing so moved that to the main one. so now i only have 2 .htaccess files. the main and one in /system
which holds
# Block External Access
deny from all
So i wanted to run that on /system
only from within the main. So i deleted the one in /system and added
# Block External Access
<Directory "/system/">
deny from all
</Directory>
to my main .htaccess file leaving 1!
but now i get a
Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.
Please contact the server administrator, webmaster@localhost and inform them of the time the error occurred, and anything you might have done that may have caused the error.
More information about this error may be available in the server error log.
Apache/2.2.17 (Ubuntu) Server at 10.0.1.5 Port 80
The goal is to block reading any files in /system and it's sub directory's but allow viewing of everything else all from one .htaccess
file for the whole project. Any ideas on how i can fix this? I did some Google searches but couldn't really come out with anything.
Solution 1:
You cannot use the Directory directive in .htaccess. However if you create a .htaccess file in the /system directory and place the following in it, you will get the same result
#place this in /system/.htaccess as you had before
deny from all
Solution 2:
You can also use RedirectMatch directive to deny access to a folder.
To deny access to a folder, you can use the following RedirectMatch in htaccess :
RedirectMatch 403 ^/folder/?$
This will forbid an external access to /folder/ eg : http://example.com/folder/ will return a 403 forbidden error.
To deny access to everything inside the folder, You can use this :
RedirectMatch 403 ^/folder/.*$
This will block access to the entire folder eg : http://example.com/folder/anyURI will return a 403 error response to client.
Solution 3:
You can use from root directory:
RewriteEngine On
RewriteRule ^(?:system)\b.* /403.html
Or:
RewriteRule ^(?:system)\b.* /403.php # with header('HTTP/1.0 403 Forbidden');