.htaccess deny files in subfolders

Question

I want to block access to \"sub/folder/index.php\", but not \"index.php\" anywhere else.

    Order allow,deny
    Deny from all


        

Answer 1

How about creating a .htaccess file in the specific folder containing the files you want to protect?

Edit:

Be careful, this actually does not work in a simple .htaccess file, see comments below. This will only work in an apache.conf file.

This should to the trick for you without another .htaccess file:

<Directory sub/folder>
   <Files index.php>
     Order allow,deny
     Deny from all
   </Files>
</Directory>

Answer 2

You can only use file names in <Files> sections, not paths.

There are three options I can see;

• Put a .htaccess file in the same folder as the file.
• Put the configuration in apache.conf using a <Directory> directive and a <Files> directive. <Directory> does not work in .htaccess files, only apache.conf
• Create a rewrite rule using mod_rewrite a'la;

-

RewriteEngine on
RewriteRule ^sub/folder/index.php$ http://yoursite/index.locked

Will give a 404 on the file, if you want a permission denied, create a read protected file at the pointed to location.

Answer 3

I try creating another .htaccess in that sub/folder/ to block the access to that index.php.

"If you place a .htaccess file in a sub-folder, its directives will override the ones that you have in your site main folder."

This page has further information: http://www.besthostratings.com/articles/htaccess.html

Answer 4

I think the simpliest rule is:

RedirectMatch 403 ^.*/sub/folder/index\.php$

RedirectMatch is in mod_alias module, that you certainly have. This does not implies mod_rewrite engine. Here we are simply telling apache that any access to sub/folder/index.php will generate a "403 forbidden" answer.

You can put that in a httpd.conf or in the root .htaccess (but really consider removing all .htaccess, it's bad, it's slow, it's sad that you do not have access to the real configuration files).