By vincentbello
Running a droplet with Ubuntu 14.04 x64.
In my /var/www/html directory, I have a include/ folder of files I include in PHP files but aren’t standalone. I would like to prohibit direct URL access (return 403 errors) to these files, but still make it so that my standalone files can include them.
I have tried creating a .htaccess file inside the include/ folder containing:
<Files *>
Order Deny,Allow
Deny From All
Allow From {my droplet IP address}
</Files>
This is not prohibiting access. Is this the right approach? Is my .htaccess file wrong? Is the IP address I am allowing from wrong?
Thanks.
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
You can only place the following directive in the .htaccess file in /var/www/html/include:
Order Allow,Deny Deny from all
This will limit web access to the files in /include. If you want to deny access only to the .php files, but keep the other files accessible:
<FilesMatch “.php$”> Order Allow,Deny Deny from all </FilesMatch>
Further, there is no need to add “Allow From {my droplet IP address}”, as the .htaccess will not limit your scripts from accessing the files in the /include directory.
The approach with .htaccess is on the right track for restricting access to a directory on an Apache server. However, there may be a few reasons why it is not working as expected:
-
Apache Configuration: Apache needs to be configured to read
.htaccessfiles. This is done with theAllowOverridedirective in the main Apache configuration file (httpd.conforapache2.conf), which should be set toAllor at leastFileInfofor the directory you are trying to control. -
IP Address: The
Allow Fromdirective with an IP address is not necessary unless you want to explicitly allow access from a specific IP, such as for development or debugging purposes. For the use case you described, you don’t need to allow any direct access to theinclude/folder from the web at all; your PHP files on the server will still be able to include the files from that directory. -
Syntax: The syntax you’re using for the
<Files>block is a bit outdated. Apache 2.4 usesRequire all deniedinstead ofOrder Deny,AllowandDeny from all.
Here’s how you can modify your .htaccess file in the include/ directory to prevent web access:
# Apache 2.2 syntax
<Files *>
Order Deny,Allow
Deny from all
</Files>
# Apache 2.4 syntax
<Files *>
Require all denied
</Files>
You only need to use the syntax for the version of Apache that your server is running.
Here are the steps to ensure this works:
-
Check Apache Version: Check which version of Apache you are running to use the correct syntax.
-
Modify .htaccess: Create or modify the
.htaccessfile in yourinclude/directory with the correct syntax for your version of Apache. -
Apache Configuration: Ensure that the main Apache configuration file allows for
.htaccessfiles to override the default settings. -
Restart Apache: After making these changes, you should restart Apache to ensure that the new configuration is active.
If you follow these steps and find that direct access to the include/ folder is still not prohibited, you may want to consult the Apache error logs for any messages that can help in troubleshooting the issue.
Become a contributor for community
Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.
DigitalOcean Documentation
Full documentation for every DigitalOcean product.
Resources for startups and AI-native businesses
The Wave has everything you need to know about building a business, from raising funding to marketing your product.
The developer cloud
Scale up as you grow — whether you're running one virtual machine or ten thousand.
Get started for free
Sign up and get $200 in credit for your first 60 days with DigitalOcean.*
*This promotional offer applies to new accounts only.