While i try to access the .htaccess file its saying access forbidden,which is obvious. But the listing of all other files also getting displayed,i.e no restrictions are imposed on those files which are under the same directory as the .htaccess. However i want to restrict everyone but myself from those files too. Here is my httpd.config

inside directory of httpd.config

Options Indexes FollowSymLinks Includes ExecCGI

AllowOverride ALL

Require all granted

<Files ".ht*">
Require all denied
</Files>

my .htaccess file
# deny everyone but myself
<Limit GET POST PUT>
    Options -Indexes
    Order allow,deny
    Deny from all
</Limit>

Recommended Answers

All 3 Replies

If you have a static IP you can add it as allow rule:

<Limit GET POST PUT>
    Options -Indexes
    Order allow,deny
    Deny from all
    Allow from xxx.xxx.xxx.xxx
</Limit>

Otherwise you can use the Authenticantion modules: http://httpd.apache.org/docs/2.0/howto/auth.html

commented: Static id,that's the problem in my case. I don't have one. Is there any other way to achieve the same functionality? Like,could we use php in order to get the current ip and auto set it in our .htaccess? +0

Static ip,that's the problem in my case. I don't have one. Is there any other way to achieve the same functionality? Like,could we use php in order to get the current ip and auto set it in our .htaccess?

Inside the .htaccess file write:

order allow,deny
deny from all
allow from env=ALLOW_ME

And then inside a PHP file:

<?php
apache_setenv('ALLOW_ME', true);

It should work if PHP is managed as module by Apache (I cannot test it right now). It can work also by checking the referer:

SetEnvIF Referer "http://youwebsite\.tld/page\.php" allowme
order allow,deny
deny from all
allow from env=allowme

But this last example is not safe because the referer can be spoofed easily.

Reference for more options:

Otherwise with PHP: use glob() function to list the files of the restricted path and sessions to limit the access to the listings.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.