How to correctly restrict access to some folders via htaccess

.htaccessapache-2.2

I have such directiry structure:

- www
    - folder1
        - folder2
            - folder21
            - folder22
            - folder23

I allowed all image files to be accessed

<FilesMatch \.(?i:gif|jpe?g|png)$>
    Order Deny,Allow
    Allow from all 
</FilesMatch>

I allowed all all files in certain folder to be accessed

<FilesMatch /folder2/folder22/.*>
    Order Deny,Allow
    Allow from all 
</FilesMatch>

I allowed all robots.txt files to be accessed

<FilesMatch (robots\.txt)$>
    Order Deny,Allow
    Allow from all 
</FilesMatch>

And at the end I added password restriction

AuthType Basic
AuthName "Personal use"
AuthUserFile /full/path/to/.htpasswd
Require valid-user

But when I try to access any image file via browser, I get password prompt.
Could anyone explain how to fix it and what might be the problem. Thank you.

Best Answer

Order Deny,Allow means that the deny rules are processed before the allow rules. Therefore, you will get a password prompt.

For any folders and filetypes that you want to allow access, just put the below config into your .htaccess:

<FilesMatch "\.(gif|jpe?g|png)$">
    Order Allow,Deny
    Allow from all 
    Satisfy Any
</FilesMatch>

Related Solutions

Centos – WebDAV on CentOS – getting 403 error when attempt to upload

I recently struggled with the same problem on my Fedora 10 system. In my case the culprit was some odd redirection that I was doing in Apache. Specifically, I use a content management system (Drupal, to be exact) that within it's .htaccess includes the following redirection logic to redirect missing files to a PHP script:

# Rewrite URLs of the form 'x' to the form 'index.php?q=x'.
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !=/favicon.ico
RewriteRule ^(.*)$ index.php?q=$1 [L,QSA]

It makes sense that the above only affects the PUT method since in that case REQUEST_FILENAME does not exist.

Not having the WebDAV area inside of the Drupal area, which seems like a reasonable constraint, fixes the problem.

Also, I think it is likely that SELinux would result in a different error, but it's not mentioned in the discussion above. Did you try disabling SELinux?

Apache 2.2 – How to Redirect Root via .htaccess

Try this:

RewriteEngine on
RewriteCond %{HTTP_HOST} mysite\.com [NC]
RewriteCond %{REQUEST_URI} ^/$
Rewriterule ^(.*)$ http://mysecondsite.com/ [L,R=301]

If you don't need to check for the old domain (for example, if the directory where your .htaccess is placed is only used by the old domain) you can remove the second line.

Best Answer

Related Solutions

Centos – WebDAV on CentOS – getting 403 error when attempt to upload

Apache 2.2 – How to Redirect Root via .htaccess

Related Topic