I've got a situation where I'm trying to deny access to all files in a subdirectory of my website. I have added an htaccess file to this subdirectory and added a deny from all directive to it. However, I also have an htaccess file in the site root, which allows specific file types, and it seems like these file types are still accessible in the subdirectory even though I no longer want them to be. I have a workaround for this (see below), but I feel like there must be a better way. Here are my two htaccess files:
Root .htaccess
# Deny access to everything by default
Order Deny,Allow
deny from all
# Allow access to html files
<Files *.html>
allow from all
</Files>
Subdirectory .htaccess
# Deny access to everything
deny from all
Workaround:
Subdirectory .htaccess
# Deny access to everything
Order Allow,Deny
deny from all
<Files *.*>
deny from all
</Files>
This does what I want, but I feel like there should be a way to make the deny from all statement work by itself. Does anyone know how?