user2986042 user2986042 - 16 days ago 5
Apache Configuration Question

How can i block direct access of particular directory , files in Apache ?

I'm trying to block direct access of some directory , files with .htaccess in Ubuntu . I know that this question has many possible duplicates, but none of them helped me yet.

My directory structure :

---- /var/www/html
- login.html
- private (folder)
-- content.html
-- css / style1.css , style2.css
-- JS / myscript1.js , myscript.js


Now i want to block direct access of private folder . like

10.0.0.1/private - Block or Password required
10.0.0.1/private/css - Block or Password required
10.0.0.1/private/js - Block or Password required


But i need to access
css ,js
for
login.html
. So i want to allow these private folder access for
login.html
.

like :

10.0.0.1/index.html - Allow
calling content.html via 10.0.0.1/index.html - Allow
request private/css/style1.css via 10.0.0.1/index.html - Allow
request private/css/style2.css via 10.0.0.1/index.html - Allow
request private/JS/myscript1.js via 10.0.0.1/index.html - Allow
request private/JS/myscript2.js via 10.0.0.1/index.html - Allow


I wrote like this to block private folder acess :

<Directory /var/www/html/private/>
AuthType Basic
AuthName "Restricted Content"
AuthUserFile /etc/apache2/.htpasswd
Require valid-user
</Directory>


This is working fine when i access
10.0.0.1/private
. But this is making problem when
index.html
request
css , js
.

How can i done with
apache.conf
and
.htacess
? How can i write rule ?
Any suggestions ?

Answer

Create .htaccess file in each folder where you want to allow (eg: private/css/.htaccess)

Reference: http://httpd.apache.org/docs/2.2/mod/core.html#require

Satisfy Any
Order Allow,Deny
Allow from all

Edit:

Removing controls in subdirectories

The following example shows how to use the Satisfy directive to disable access controls in a subdirectory of a protected directory. This technique should be used with caution, because it will also disable any access controls imposed by mod_authz_host.

<Directory /path/to/protected/>
Require user david
</Directory>
<Directory /path/to/protected/unprotected>
# All access controls and authentication are disabled
# in this directory
Satisfy Any
Allow from all
</Directory>
Comments