0

I have read Deny from all in subdirectory htaccess not overriding file rules in root htaccess and htaccess "order" Deny, Allow, Deny but I don't see why this does not work:

Order Deny,Allow
<Files articles/*.*>
Deny from all
</Files>

RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ index.php [QSA,L]

The file example.com/articles/test.txt is still viewable, whereas it should not. This shows that the articles/*.* rule does not work.

Where is the problem in my .htaccess?

Note: Since I have Apache 2.4, I have tried:

<Files "articles/*.*">
Require all denied
</Files>

RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ index.php [QSA,L]

but the problem is still there.

Basj
  • 41,386
  • 99
  • 383
  • 673
  • confirm your Apache version? You can use ` Order allow, deny Deny from all Files>` – Pandurang Jun 08 '20 at 13:53
  • @Pandurang I'd like to do everything from a unique `/.htaccess`, and not a htaccess in each subdirectory like this: `/articles/.htaccess`, etc. – Basj Jun 08 '20 at 13:57
  • Refer https://stackoverflow.com/questions/11728976/how-to-deny-access-to-a-file-in-htaccess – Pandurang Jun 08 '20 at 14:08
  • @Pandurang I have tried similar things (see my last edit a few seconds ago), but it does not work (maybe because of `RewriteRule` / `` mix?) – Basj Jun 08 '20 at 14:13
  • for testing, purpose disable other rewrite rules. Also try with `RewriteRule ^/?/articles/$ - [F,L]`. – Pandurang Jun 08 '20 at 14:18
  • @Pandurang maybe the problem comes from this: can we use a subdirectory path in Files like this: ``? – Basj Jun 08 '20 at 14:19
  • `` is not working at my site . I tested with `RewriteRule ^/articles/?$ - [F,L] `and working fine. – Pandurang Jun 08 '20 at 14:37

1 Answers1

1

Try with below rewrite rule. 

RewriteRule articles/.*$ - [F]

This uses the F|forbidden flag.

Note:

When using [F], an [L] is implied - that is, the response is returned immediately, and no further rules are evaluated.

Basj
  • 41,386
  • 99
  • 383
  • 673
Pandurang
  • 1,656
  • 2
  • 6
  • 10