.htaccess deny access to specific files? more than one
21,818
Solution 1
If you want to exclude files based on regular expressions, you could use FilesMatch instead of Files, e.g.:
<FilesMatch ^((home|test|file)\.php$|mysecretfolder|asecretpicture\.jpe?g)$>
...
</FilesMatch>
Solution 2
Looks like you have to exclude those files one by one:
<files home.php>
Deny/Allow/Whatever
</files>
<files file.php>
...
You can use *.gif
in <files>
or something*
, but as home.php, file.php and test.php can't really be grouped with a "*", this is probably the only way to go.
Solution 3
since apache 2.4
<FilesMatch "\.htaccess|config\.php">
Require all denied
</FilesMatch>
instead of
<FilesMatch "\.htaccess|config\.php">
Order allow,deny
Deny from all
</FilesMatch>
Author by
oni-kun
Updated on July 09, 2022Comments
-
oni-kun almost 2 years
I am able to disable access to a file with .htaccess, but I don't know how to disallow multiple files to be viewed (directly, not from includes)
They are .php so I can't disable a file type (like the only tutorials online say..)
<FILES ... ? </FILES>
Or something.. For example "home.php, file.php , test.php" how do I disallow access to all three files with that tag? or similar, help please!
-
oni-kun over 14 yearsPerfect, I love the piping for each file name, just what I wanted. Thank you.
-
Residuum over 14 yearsCaveat: Use start and end of the string, if you want to exclude /test.php, but not /public/test.php or /test.php.bak
-
Imperative about 10 yearsThat is the most useful thing I've seen all week. Granted, it's just past 2pm on a Monday, but still.
-
jamix over 4 yearsCaveat: Including
mysecretfolder
in theFilesMatch
directive will not deny access to all files within that directory.