.htaccess allow from one page .htaccess allow from specific page 有大用

Question

i have almost 20 pages on server, but i want only a file named abc.php, which users can watch. i want if user forcefully open the other files like //example.com/some.php .htaccess shows 403 error.

<Files ~ "^(?!(changepwd|login|register|remind|securitycode|registersuggest)\.php$).*(\.php)$">
AuthName "Reserved Area"
AuthType Basic
AuthUserFile path_to/.htpasswd
AuthGroupFile path_to/.htgroup
Order Deny,allow
Require group allowed_groups  
</Files>

this is the way i am currently using, but i think there can be more elegant solutions.

Atle · Accepted Answer · 2013-10-27 20:40:36Z

This .htaccess-file will only allow users to open index.php. Attempts to access any other files will result in a 403-error.

Order deny,allow
Deny from all

<Files "index.php">
    Allow from all
</Files>

If you also want to use authentication for some of the files, you may simply add the content from your current file at the end of my example.

i also want that all js, css files to be visible which are included in index.php — user2897690, Oct 31 '13 at 14:38
Try to add something like <Files ~ "\.(js|css)$">Allow from all </Files> — Atle, Oct 31 '13 at 17:20
how to allow more than 1 file? like index.php and register.php? in <Files "index.php"> Allow from all </Files> — Jeroen van Langen, Mar 25 '15 at 21:19

Atle · Answer 2 · 2013-10-27 11:31:01Z

Its safest to move the files you don't want the users to access to a directory which is not in the root directory of the web server.

Like if the root directory of my site is this:

/var/www/html/my_web_site/public/index.php

I can put the non-public files in another directory like this:

/var/www/html/my_web_site/config.php
/var/www/html/my_web_site/auth.php
/var/www/html/my_web_site/db.php

And include the files like this in index.php:

include("../config.php");
include("../auth.php");
include("../db.php");

Whit this, you don't have to risk to accidentally delete or forget to copy the .htaccess file.

no, i don't want this. suppose i have 10 php files independent of each other. i want my client be able to only open abc.php and all rest php files shows forbidden error on connecting. — user2897690, Oct 27 '13 at 12:50
Do you also want the login? Or is it enough with an 403-error? — Atle, Oct 27 '13 at 20:32

MickeyRoush · Answer 3 · 2012-12-18 18:10:22Z

Order Allow,Deny
<FilesMatch "^toon\.php$">
Allow from all
</FilesMatch>

That is probably the most efficient that you can get.

Charley Ramm · Answer 4 · 2011-01-07 13:10:05Z

AuthGroupFile /dev/null
AuthName "Private Area"
AuthType Basic
AuthUserFile .htpasswd
require valid-user


<Files "toon.php">
Allow from all
Satisfy Any

</Files>

Works for me. Dont' forget to configure the .htpasswd file.

I like this answer. Just want to add that you probably need AllowOverride AuthConfig Limit in your server config — Daniel Alder, Sep 6 '14 at 10:05

Georgy Spassky · Answer 5 · 2013-07-24 16:28:54Z

up vote6down vote

Deny From All
<FilesMatch "^toon\.php$">
Allow From All
</FilesMatch>

Worked for me...

answered Jul 24 '13 at 16:28

Georgy Spassky

9212

2

Is there some difference to this answer here? – AD7six Jul 24 '13 at 16:34

1

yes, my code is more understandable =) – Georgy Spassky Oct 18 '13 at 8:31

2

In what way =) -1 for duplicating an existing answer providing no further information. – AD7six Oct 18 '13 at 8:36

add a comment

Amanda · Answer 6 · 2016-12-01 02:14:02Z

You may want to use the <Directory> and <Files> directives. You can look at the documentation here:

http://httpd.apache.org/docs/1.3/mod/core.html#directory

http://httpd.apache.org/docs/1.3/mod/core.html#files

In short, you want something like this:

<Directory /folder/without/access >
     Order Deny,Allow
     Deny from All
</Directory>

<Files "filename">
     Order Deny,Allow
     Allow from All
</Files>

starkeen · Answer 7 · 2016-07-02 08:51:51Z

Add the following rule to htaccess file in root

RewriteEngine on


RewriteRule !toon\.php$ - [F]

This will deny access to all files and folders except toon.php .

user4555481 · Answer 8 · 2015-02-11 15:39:10Z

If, like me, you're looking for a way to have authentication on an entire site/folder except for a single file, you will find that this method is working very well:

#allows a single uri through the .htaccess password protection
SetEnvIf Request_URI "/testing_uri$" test_uri

AuthName "Restricted Area"
AuthType Basic
AuthUserFile /path/to/your/.htpasswd
AuthGroupFile /
Require valid-user

#Allow valid-user
Deny from all
Allow from env=test_uri
Satisfy any

Example taken from : this site

You are here

.htaccess allow from one page .htaccess allow from specific page 有大用

2 Answers 正确答案

来自 https://stackoverflow.com/questions/19617351/allowing-only-certain-files-to-view-by-htaccess

6 Answers

来自 https://stackoverflow.com/questions/3407543/htaccess-deny-access-to-all-except-to-one-file

友情链接

搜索表单

用户登录

You are here

.htaccess allow from one page .htaccess allow from specific page 有大用

2 Answers 正确答案

来自 https://stackoverflow.com/questions/19617351/allowing-only-certain-files-to-view-by-htaccess

6 Answers

来自 https://stackoverflow.com/questions/3407543/htaccess-deny-access-to-all-except-to-one-file

友情链接