How do I prohibit access to one of my folders with .htaccess?

Posted March 31, 2015 8.1k views
UbuntuApachePHPLAMP Stack

Running a droplet with Ubuntu 14.04 x64.

In my /var/www/html directory, I have a include/ folder of files I include in PHP files but aren’t standalone. I would like to prohibit direct URL access (return 403 errors) to these files, but still make it so that my standalone files can include them.

I have tried creating a .htaccess file inside the include/ folder containing:

<Files *>
Order Deny,Allow
Deny From All
Allow From {my droplet IP address}

This is not prohibiting access. Is this the right approach? Is my .htaccess file wrong? Is the IP address I am allowing from wrong?


These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Submit an Answer
1 answer

You can only place the following directive in the .htaccess file in /var/www/html/include:

Order Allow,Deny
Deny from all

This will limit web access to the files in /include. If you want to deny access only to the .php files, but keep the other files accessible:

<FilesMatch “.php$”>
Order Allow,Deny
Deny from all

Further, there is no need to add “Allow From {my droplet IP address}”, as the .htaccess will not limit your scripts from accessing the files in the /include directory.