FilesMatch on htaccess causing internal server error

0
votes

OK I'm trying to password protect a directory, but not the files within in it. We send links to clients to open a pdf....but I don't want them to see the contents of the directory hence the htaccess.

I set up password via Cpanel and check the correct path with fullpath.php. I then upload the following htaccess file which works fine:

AuthName "Secure Area"
AuthUserFile "/home4/o558316/.htpasswds/public_html/pdfs/passwd"
AuthType Basic
require valid-user

When I then add in the filesmatch lines:

 <FilesMatch "\.(jpg|gif|png|pdf)$">
 Order Deny,Allow
 Allow from all  
 </FilesMatch>

It returns an internal server error,

Internal Server Error

The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator, admin@localhost and inform them of the time the error occurred, and anything you might have done that may have caused the error.

More information about this error may be available in the server error log.

Sure it's just my syntax, I've tried just about everything and it just wont work. Soon as I delete the filesmatch lines it works fine.

1
apache.htaccess
Why not just change folder permissions? - andyroo
And did you check your errorlog as suggested? Allways check the logs, no matter the error. Especially if the server even suggests it. - ToBe

1 Answers

0
votes

If you think about the construct of your directive and filesmatch rule here what you're trying to do is block access to everything, absolutely everything except the ones specified - So how can a browser access, say, an error file which has the extension .php for example?

Personally I'd disable directory listing by using the following line in your .htaccess file:

# Disable Directory Listings in this Directory and Subdirectories
# This will hide the files from the public unless they know direct URLs
Options -Indexes