user2986042 user2986042 - 8 months ago 42
Apache Configuration Question

How can i block direct access of particular directory , files in Apache ?

I'm trying to block direct access of some directory , files with .htaccess in Ubuntu . I know that this question has many possible duplicates, but none of them helped me yet.

My directory structure :

---- /var/www/html
- login.html
- private (folder)
-- content.html
-- css / style1.css , style2.css
-- JS / myscript1.js , myscript.js

Now i want to block direct access of private folder . like - Block or Password required - Block or Password required - Block or Password required

But i need to access
css ,js
. So i want to allow these private folder access for

like : - Allow
calling content.html via - Allow
request private/css/style1.css via - Allow
request private/css/style2.css via - Allow
request private/JS/myscript1.js via - Allow
request private/JS/myscript2.js via - Allow

I wrote like this to block private folder acess :

<Directory /var/www/html/private/>
AuthType Basic
AuthName "Restricted Content"
AuthUserFile /etc/apache2/.htpasswd
Require valid-user

This is working fine when i access
. But this is making problem when
css , js

How can i done with
? How can i write rule ?
Any suggestions ?

Answer Source

Create .htaccess file in each folder where you want to allow (eg: private/css/.htaccess)


Satisfy Any
Order Allow,Deny
Allow from all


Removing controls in subdirectories

The following example shows how to use the Satisfy directive to disable access controls in a subdirectory of a protected directory. This technique should be used with caution, because it will also disable any access controls imposed by mod_authz_host.

<Directory /path/to/protected/>
Require user david
<Directory /path/to/protected/unprotected>
# All access controls and authentication are disabled
# in this directory
Satisfy Any
Allow from all