For some security reasons, sometime we want to allow access only to certain type of files in our server. Luckily, Apache provides us with facility to do this. In fact, it provides us with a few different ways.
In this article, I will explain how to allow access only to certain files by using REDIRECT technique. Let us consider that we will only allow access to files with .php and .html extension. Here is the steps :
- Compile and load the mod_rewrite module ( I won’t explain how to do this)
- Add the following lines in global configuration or virtual host configuration :
- RewriteEngine on
- RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} !\.(html|php)$
- RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI} !-d
- RewriteRule (.*) – [F]
Here is the explanation (each bullet is related to the corresponding bullet above – in order):
- Activate rewrite engine
- If requested URI – absolute to document root – is not ended with .html or .php; and
- The requested URI is not a directory [!-d] ; then
- everything (URL sended by client) will be rewrited (redirected) to a forbidden page [F]
That’s all.
Advertisement
November 14, 2010 at 6:40 am
Nice post.
This post show me how to make our server can only be accessed for some file extension.
But, how about blocking access to certain file types, for example, i want to allow access to all file types, except, (may be) jsp?
November 14, 2010 at 11:24 pm
Well, if you want to block access to certain file type, you can modify the second line. Suppose you want to allow access to other files than those with extension .jsp , then the second line will be :
Notice that I remove the “!” before the \.
The other way (easier for this case) is to use the files or filesmatch directive.