Deny from all in subdirectory htaccess not overriding file rules in root htaccess

Question

I\'ve got a situation where I\'m trying to deny access to all files in a subdirectory of my website. I have added an htaccess file to this subdirectory and added a deny fro

Answer 1

You can have your Root .htaccess like this

# Deny access to everything by default
Order Deny,Allow
deny from all

# Allow access to html files

    allow from all


# Deny access to sub directory

    deny from all

There is no need for a separate .htaccess in the sub directory.

You are allowing access to all html files in your .htaccess in the Root Directory and not denying it anywhere in the sub directory in the first case. Apache parses all your rules and uses the last matching rule, unlike firewalls (which uses the first rule match hit). The global rules are read first and the the specific rules later.