Comments on: Apache Tips & Tricks: Deny access to certain file types

By: How do I disallow viewing of files with certain extensions in Apache? - Admins Goodies

Sun, 21 Aug 2011 02:03:23 +0000

[...] http://www.ducea.com/2006/07/21/apache-tips-tricks-deny-access-to-certain-file-types [...]

By: Failure to Restrict URL Access « Miscellaneous Security

Failure to Restrict URL Access « Miscellaneous Security — Fri, 18 Feb 2011 22:31:55 +0000

[...] should block access to all file types that the application doesn’t [...]

By: http://www.xmthis.com/

http://www.xmthis.com/ — Fri, 07 Jan 2011 19:35:16 +0000

This is my problem…

Amazingly website, I like how your page looks! The layout is amazing!…

By: Un peu de tout » Archives du Blog » sécurisation d’un serveur Apache : configuration

Sun, 29 Nov 2009 04:24:17 +0000

[...] Apache Tips & Tricks: Deny access to certain file types [...]

By: Failure to Restrict URL Access – OWASP Top 10 – A10 « Miscellaneous Security

Thu, 19 Nov 2009 18:03:35 +0000

[...] should block access to all file types that the application doesn’t [...]

By: John

John — Sat, 11 Oct 2008 03:57:31 +0000

Fantastic stuff. I created a protected directory for my client to satisfy a licensing agreement for distributing materials electronicaly to his students. The problem is that when the student clicks on a link for a video file, the student would be asked for username and password again each time. I allowed access to those files via

Satisfy any
Allow from nopasswd

But then, you could access the video directy, if you know the url, bypassing the security. Jeffery’s post above came to the rescue. I inserted that in the .htaccess file above my code. I figured out that you have to set RewriteEngine Off after the RewriteRule.

By: rul3z » Blog Archive » Deny access to some folders

rul3z » Blog Archive » Deny access to some folders — Sat, 13 Sep 2008 04:37:25 +0000

[...] information (log files, source code, password files, etc.). The example shown here will address the question posted by Saul Howard on how to deny access to all the subversion directories [...]

By: Soma in san diego.

Soma in san diego. — Fri, 22 Aug 2008 00:21:36 +0000

Akane soma….

Soma online sales. Soma. Soma and addiction….

By: Jeremy

Jeremy — Tue, 03 Jun 2008 08:17:42 +0000

A pretty cool .htaccess file I use which is used to prevent random web browsers from accessing folders directly, while allowing them to be accessed via your site. Bassically if someone tried to access yoursite.com/vidoes/1.wmv or something, they would be redirected to a page you specify. But if you had a link at yoursite.com when a user clicks on it takes them to yoursite.com/videos/1.wmv would be allowed. This prevents access to folders/directories and even if a person was to guess the link they wouldn’t be able to access it unless they first came through your site.

I did test this with ie and firefox and it seems to work great in each.

Code:
AuthUserFile /dev/null
AuthGroupFile /dev/null

RewriteEngine On

RewriteCond %{HTTP_REFERER} !^http://www.yoursite.com.* [NC]
RewriteCond %{HTTP_REFERER} !^http://subdomain.yoursite.com.* [NC]
RewriteCond %{HTTP_REFERER} !^http://.yoursite.com/subfolder.* [NC]
RewriteCond %{HTTP_REFERER} !^http://yoursite.com.* [NC]
RewriteCond %{HTTP_REFERER} !^http://www.yoursite.com/subfolder.* [NC]

RewriteRule /* http://www.yoursite.com/index.php [R,L]

Just create a .htaccess and insert that code into any subfolder/directory you don’t want anyone to directly access without coming through your site. like yoursite.com/videos/.htaccess (with the above code)

RewriteCond = yoursite.com (this is your site, subdomains, and subfolders allowed to access)
RewriteRule = the address they are forwarded to if they try to access directly.

Jeremy
dialme.com

By: - Marius -

- Marius - — Thu, 06 Dec 2007 08:18:42 +0000

Lewy: indeed wordpress removed those lines completely so I can’t see them. Please send them by email (use the contact form to reach me) so I can have a look and tell you my opinion on your question. M.