Apache2: How do I restrict access to a directory, but allow access to one file within it? – Problems with loading a website are often blamed on the Internet connection, but even the most perfectly set up network cannot help if there is no service to reply at your destination. One of the most popular HTTP servers used for this task is Apache2. Much of Apache’s popularity can be attributed to its easy installation and use, but never the less it is possible to run into problems with even the easiest of the software. If you’ve encountered an issue loading your web page, follow these simple troubleshooting methods outlined in this guide to attempt to get your web server back up and working again. Below are some tips in manage your apache2 server when you find problem about apache-2.2, directory, deny, , .
I’ve inherited a poorly designed web app, which has a certain file that needs to be publicly accessible, but that file is inside a directory which should not.
In other words, I need a way to block all files and sub-directories within a directory, but over-ride it for a single file.
I’m trying this:
# No one needs to access this directly <Directory /var/www/DangerousDirectory/> Order Deny,allow Deny from all # But this file is OK: <Files /var/www/DangerousDirectory/SafeFile.html> Allow from all </Files> </Directory>
But it’s not working- it just blocks everything including the file I want to allow. Any suggestions?
There is an answer on StackOverflow that should answer this question, I think there is a missing
Order in the nested
# No one needs to access this directly <Directory /var/www/DangerousDirectory/> Order Deny,allow Deny from all </Directory> # But this file is OK: <Files /var/www/DangerousDirectory/SafeFile.html> Order Deny,Allow Allow from all </Files>
And if this directory is password-protected, add
Satisfy any too.
A very late answer, but still perhaps an answer.
The tag is in the scope of the directory and should not have the full path. So it should read:
<Directory "/var/www/DangerousDirectory"> Order Deny,allow Deny from all # But this file is OK: <Files "SafeFile.html"> Allow from all </Files> </Directory>
Be aware that this would allow any file called SafeFile.html in that directory-tree.
To allow a specific file when access is restricted by HTTP password. Be careful, password protection is defined on filesystem basis and specific allowed files are defined by URI. Updated for Apache 2.4.
<Directory /path/to/directory/> AuthName SecureArea AuthType Basic AuthUserFile /path/to/passwd-file Require user my-user SetEnvIf Request_URI "path/to/uri-allowed-1.php" allowedURL SetEnvIf Request_URI "path/to/uri-allowed-2.php" allowedURL Require env allowedURL </Directory>