3

Can I config a .htaccess that deny the direcly acces to "/images" but "/images/*.jpg" must be allowed because I show single pictures on my index.php from this folder!

Jürgen Hohlkopf
  • 83
  • 1
  • 7
  • 2
    Possible duplicate of [How do I disable directory browsing?](http://stackoverflow.com/questions/2530372/how-do-i-disable-directory-browsing) – Donovan Solms Jun 29 '16 at 08:38
  • 1
    Not a duplicate of that. OP requires a single folder being blocked except the extension .jpg. That question is to block directory browsing and all sub-directories entirely. – Joe Jun 29 '16 at 08:57
  • The question is worded differently, but it is a duplicate, because this is exactly what is asked. `Options -Indexes` in an htaccess file *inside subdirectory images* disallows access to to the directory listing, but allows access to its content. – Olaf Dietsche Jun 29 '16 at 09:22

3 Answers3

1

Try :

RedirectMatch 403 ^/images/?$

This will deny access to the /images/ folder.

Amit Verma
  • 40,709
  • 21
  • 93
  • 115
0

This would block access to a specific folder, but should still allow images to be displayed:

<Files /images>
order allow,deny
deny from all
</Files>

You can also include (if the above alone does not work):

<Files .jpg>
order allow,deny
allow from all
</Files>

This should allow access to all images with file extension .jpg after you have denied access to the /images folder.

Joe
  • 4,877
  • 5
  • 30
  • 51
  • I'm sorry, I was interested to the same thing. However not one of the methods proposed, are working. In the same folder, I got MP3 and JPG files. If I use the above methodes,, I get access to both. The solution proposed here, works very well: https://stackoverflow.com/questions/13396033/blocking-pdf-files-from-direct-access-using-htaccess – Tormy Van Cool Apr 21 '18 at 09:41
0

thanks to @Amit Verma, to complete :
in my case in UserDir, I should specify path from "root" folder :

RedirectMatch 403 ^/~userDirName/subFolder/folderThatRequiredProtection/?$

.htaccess file is in folderThatRequiredProtection

You can also protect a file :

RedirectMatch 404 ^/~userDirName/subFolder/folderThatRequiredProtection/fileThatRequiredProtection?$

You can put also 403 for file (and 404 for folder), but sometimes, it should be better to put 404 and hacker doesn't know it exists !

bcag2
  • 1,988
  • 1
  • 17
  • 31