52
votes

I've been cleaning up my project lately. I have a main .htaccess in the root directory and 6 others. 5 of them ran Options -Indexes which i didn't see anypoint of allowing any Directory viewing so moved that to the main one. so now i only have 2 .htaccess files. the main and one in /system which holds

# Block External Access
deny from all

So i wanted to run that on /system only from within the main. So i deleted the one in /system and added

 # Block External Access
<Directory "/system/">
deny from all
</Directory>

to my main .htaccess file leaving 1!

but now i get a

Internal Server Error

The server encountered an internal error or misconfiguration and was unable to complete your request.

Please contact the server administrator, webmaster@localhost and inform them of the time the error occurred, and anything you might have done that may have caused the error.

More information about this error may be available in the server error log.

Apache/2.2.17 (Ubuntu) Server at 10.0.1.5 Port 80

The goal is to block reading any files in /system and it's sub directory's but allow viewing of everything else all from one .htaccess file for the whole project. Any ideas on how i can fix this? I did some Google searches but couldn't really come out with anything.

3

3 Answers

83
votes

You cannot use the Directory directive in .htaccess. However if you create a .htaccess file in the /system directory and place the following in it, you will get the same result

#place this in /system/.htaccess as you had before
deny from all
14
votes

You can also use RedirectMatch directive to deny access to a folder.

To deny access to a folder, you can use the following RedirectMatch in htaccess :

 RedirectMatch 403 ^/folder/?$

This will forbid an external access to /folder/ eg : http://example.com/folder/ will return a 403 forbidden error.

To deny access to everything inside the folder, You can use this :

RedirectMatch 403 ^/folder/.*$

This will block access to the entire folder eg : http://example.com/folder/anyURI will return a 403 error response to client.

2
votes

You can use from root directory:

RewriteEngine On
RewriteRule ^(?:system)\b.* /403.html

Or:

RewriteRule ^(?:system)\b.* /403.php # with header('HTTP/1.0 403 Forbidden');