.htaccess deny and allow

0
votes

I have an open directory currently called "hax" and I wanted to use deny and allow in the .htaccess to block people from viewing the directory and any files in the directory. I also have a page on my website that uses iframe to embed a HTML form in the hax directory. Every time I try anything, the form always stops working.

The form only ever works when I'm not trying to add this block in the .htaccess. The form should look like this when it's working: http://prntscr.com/4hm9t9 and when it's not working it looks like this: http://prntscr.com/4hm8ud.

I've tried all of this:

order allow,deny
allow from 69.195.124.70

also:

order deny,allow
deny from all
allow from 69.195.124.70"

and:

order deny,allow
deny from all
allow from localhost"

None of them work. I'm trying to allow 69.195.124.70 because I presumed that the block was blocking my own server from being able to read the HTML file and embed it on the site.

2
apache.htaccess
"embed a html form"? <-- please elaborate what you are doing with some code.Sumurai8
I'm using iframe to embed example.com/hax/form.html and example.com/hax/form2.html. The forms stop working when I try to add protection to the directory.user3313947
Right-click the page, go to the network tab and reload the page. Look at the resources that are being loaded. What do you notice? ;-)Sumurai8

2 Answers

0
votes

You say you are using an iframe to include the form. An iframe is just another html element. Your browser reads the code <iframe src="/hax/form.html"></iframe> and requests /hax/form.html to include in this iframe. The request is originating from the browser, not from the server. There is no change in .htaccess you can make to make this work, since the request from the iframe is similar to the request from a normal page.

-1
votes

If it's blocking the possibility of users to see your current directory you should try the

  Options -Indexes

in your .htaccess-file.