Trouble in restricting the directory which contains .htaccess file

Question

sash_kp 0 Newbie Poster

11 Years Ago

While i try to access the .htaccess file its saying access forbidden,which is obvious. But the listing of all other files also getting displayed,i.e no restrictions are imposed on those files which are under the same directory as the .htaccess. However i want to restrict everyone but myself from those files too. Here is my httpd.config

inside directory of httpd.config

Options Indexes FollowSymLinks Includes ExecCGI

AllowOverride ALL

Require all granted

<Files ".ht*">
Require all denied
</Files>

my .htaccess file

# deny everyone but myself
<Limit GET POST PUT>
    Options -Indexes
    Order allow,deny
    Deny from all
</Limit>

apache php

2 Contributors
3 Replies
275 Views
12 Hours Discussion Span
Latest Post 11 Years Ago Latest Post by cereal

cereal 1,524 Nearly a Senior Poster

11 Years Ago

If you have a static IP you can add it as allow rule:

<Limit GET POST PUT>
    Options -Indexes
    Order allow,deny
    Deny from all
    Allow from xxx.xxx.xxx.xxx
</Limit>

Otherwise you can use the Authenticantion modules: http://httpd.apache.org/docs/2.0/howto/auth.html

Edited 11 Years Ago by cereal

sash_kp commented: Static id,that's the problem in my case. I don't have one. Is there any other way to achieve the same functionality? Like,could we use php in order to get the current ip and auto set it in our .htaccess? +0

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

Static id,that's the problem in my case. I don't have one. Is there any other way to achieve the same functionality? Like,could we use php in order to get the current ip and auto set it in our .htaccess?

sash_kp 0 Newbie Poster · Answer 1 · 2013-06-24T20:19:34+00:00

Static ip,that's the problem in my case. I don't have one. Is there any other way to achieve the same functionality? Like,could we use php in order to get the current ip and auto set it in our .htaccess?

cereal 1,524 Nearly a Senior Poster Featured Poster · Answer 2 · 2013-06-25T01:37:42+00:00

Inside the .htaccess file write:

order allow,deny
deny from all
allow from env=ALLOW_ME

And then inside a PHP file:

<?php
apache_setenv('ALLOW_ME', true);

It should work if PHP is managed as module by Apache (I cannot test it right now). It can work also by checking the referer:

SetEnvIF Referer "http://youwebsite\.tld/page\.php" allowme
order allow,deny
deny from all
allow from env=allowme

But this last example is not safe because the referer can be spoofed easily.

Reference for more options:

http://httpd.apache.org/docs/2.2/mod/mod_setenvif.html#setenvif

Otherwise with PHP: use glob() function to list the files of the restricted path and sessions to limit the access to the listings.