Keep Server Online
If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.
or
A donation makes a contribution towards the costs, the time and effort that's going in this site and building.
Thank You! Steffen
Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
| |
|
 Topic: Restrict access to files in a public folder |
|
| Author |
|
kakokiki
Joined: 27 Mar 2017
Posts: 2
Location: Florida
|
 Posted: Wed 29 Mar '17 15:42 Post subject: Restrict access to files in a public folder |
 |
|
Hi all!
we just migrate our Wordpress Multisite from an Nginx server to an Apache/2.4.18 server (Ubuntu) and we are having some issues trying to block access to a certain files in folders under our public html folder.
We are using an .htaccess inside the specific folder to block the access, but it is not working how it should be (probably we are doing something wrong of course!)
Our .htaccess looks like this:
| Code: |
# Disable directory browsing
Options -Indexes
<Files ~ "\.(pdf|txt|doc|docx)$">
Order allow,deny
Deny from all
</Files>
|
The thing is that it works partially. Let's say I have file1.pdf inside the specific folder.
If I try to access the full URL: www.mydomain.com/wp-content/blogs.dir/xxx/files/file1.pdf IT WORKS. I CAN NOT ACCESS THE FILE
But if I use the rewritten link: www.mydomain.com/files/file1.pdf DOES NOT WORK. I can still access the file.
Is this something related with symlinks?
Our apache config for the html folders looks like this:
| Code: |
<Directory /var/www/>
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>
|
Any help would be appreciated!
Thank you |
|
| Back to top |
|
James Blond
Moderator
Joined: 19 Jan 2006
Posts: 7298
Location: Germany, Next to Hamburg
|
| Posted: Sat 01 Apr '17 14:49 Post subject: |
|
|
| AllowOverride None disables .htaccess use. |
|
| Back to top |
|
kakokiki
Joined: 27 Mar 2017
Posts: 2
Location: Florida
|
| Posted: Tue 04 Apr '17 15:20 Post subject: |
|
|
Hi James,
I changed the apache conf to AllowOverride All and restarted Apache, but it is still not working properly.
I can not access the file using the first URL but I can still access it through the second URL.
It seems Wordpress is rewriting in some mode the second URL and the .htaccess is not restricting this secondary URL. |
|
| Back to top |
|
Miguel2016
Joined: 03 Oct 2016
Posts: 3
Location: USA, Philadephia
|
| Posted: Wed 05 Apr '17 14:05 Post subject: |
|
|
In addition to AllowOverride directive there is in
httpd-default.conf --> AccessFileName .htaccess
It's easy to overlook. |
|
| Back to top |
|
|
|
|
|
|
