How do I prohibit access to one of my folders with .htaccess?

March 31, 2015 995 views
Apache LAMP Stack PHP Ubuntu

Running a droplet with Ubuntu 14.04 x64.

In my /var/www/html directory, I have a include/ folder of files I include in PHP files but aren't standalone. I would like to prohibit direct URL access (return 403 errors) to these files, but still make it so that my standalone files can include them.

I have tried creating a .htaccess file inside the include/ folder containing:

<Files *>
Order Deny,Allow
Deny From All
Allow From {my droplet IP address}

This is not prohibiting access. Is this the right approach? Is my .htaccess file wrong? Is the IP address I am allowing from wrong?


1 Answer

You can only place the following directive in the .htaccess file in /var/www/html/include:

Order Allow,Deny
Deny from all

This will limit web access to the files in /include. If you want to deny access only to the .php files, but keep the other files accessible:

<FilesMatch "\.php$">
Order Allow,Deny
Deny from all

Further, there is no need to add "Allow From {my droplet IP address}", as the .htaccess will not limit your scripts from accessing the files in the /include directory.

Have another answer? Share your knowledge.