File and folder access management in Apache

Restricting to localhost Access Only

To restrict access globally, all you have to do is to restrict access in httpd.conf in Apache’s conf directory.

First, locate the Directory settings for your htdocs directory (under Windows it’s e.g. C:/Apache2/htdocs, C:/Program Files/xampp/htdocs, etc., under Linux it’s e.g. /usr/htdocs, /usr/local/htdocs, /usr/local/www/htdocs, /usr/share/htdocs, etc.).

Then, you have to edit the Order subsection as follows (comments left out for readability):

<Directory "htdocs_path">
Options Indexes FollowSymLinks Includes ExecCGI
AllowOverride All</directory>

Order deny,allow
Deny from all
Allow from localhost
</Directory>

Note: Order of the Deny and Allow lines is important! – just guessing, but I think that Apache simply applies the rules one after another, and the output of last rule that applies to the IP is used.

It can be also sometimes useful to disallow overrides of settings; if needed, simply change AllowOverride All to AllowOverride None, to disallow override of settings using .htaccess files.

See Apache documentation for complete list of options; just like with Options, it’s recommended to list the settings explicitely in AllowOverride to know what exactly is allowed.

Restricting Access to Certain Files

Great example of how to do this is contained in the httpd.conf itself, but many people seem to somehow miss it there, so here it is:

# The following lines prevent .htaccess and .htpasswd files
# from being viewed by Web clients.
<FilesMatch "^\.ht">
Order allow,deny
Deny from all
</FilesMatch>

Of course, don’t forget to restart Apache after each edit of httpd.conf file, so it reloads the settings. Good luck!

5 responses to “File and folder access management in Apache

  1. I found your site on google blog search and read a few of your other posts. Keep up the good work. Just added your RSS feed to my feed reader. Look forward to reading more from you.

    – Sue.

  2. Thank you, Sue 🙂

    I hope I won’t let you down, and that there will be lots more of interesting stuff for you here.

  3. I will bookmark your article for future use. It was very interesting. Thank you.
    Have a nice day! 😉

  4. hello, i was wondering how i could make access to my apache to access a file that is in srv/www/htdocs i made myself so he do not have access

    many thanks!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s