I have a folder with a lot of .php
files. I would like to deny access to them (using .htaccess
). I know an option is to move this folder outside
Apache 2.4 now uses a different way to do this so the method that works for Apache 2.2 will not work. See below for the method that will work for Apache 2.4. Place this in your Apache .htaccess file or better yet in a <Directory>
directive in the Apache .conf file for your site.
Using .htaccess:
If using Apache 2.2:
order deny,allow
deny from all
If using Apache 2.4 use:
Require all denied
Using Apache Configuration files:
Instead of using a .htaccess file, it is usually preferred to place the configuration directly in your Apache .conf file as follows:
<Directory "/var/www/mysite">
Require all denied
</Directory>
Or if using a virtual host:
<VirtualHost *:80>
### Other configuration here ###
<Directory "/var/www/mysite">
Require all denied
</Directory>
### Other configuration here ###
</VirtualHost>
Of course the above configurations are examples, and you will need to adjust according to your requirements.
Create .htaccess file inside the desired folder with the following contents:
Deny from all
Edit apache2.conf
or httpd.conf
, whatever you find in Apache2 directory (probably located in /etc/apache2
). You'll need to edit/check the following:
AllowOverride ALL
(in the related <Directory> tag)
AccessFileName .htaccess
Edit your site's configuration file only in case you have a <Directory> tag specified inside it and add the following line:
AllowOverride ALL
Restart your Apache2 server
service apache2 restart
The above steps are all meant for Linux environments. The same instructions would work well for Windows environments except for the paths and the server restart command.
Reference: http://www.cyberciti.biz/faq/apache-htaccess/
Add this to the .htaccess
file:
order deny,allow
deny from all
Just add a .htaccess file with the code Deny from all
to the folder.
More info at http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html