.htaccess to prevent navigation

Question

.htaccess to prevent navigation

Asked 7 years, 5 months ago

Viewed 346 times

-1

I have a Debian server and the directory to put projects in apache is the traditional /var/www/html, I’m trying to block browsing directories and sub-directories through the browser with . htaccess but I’m not getting it right.

The . htaccess code is in the html folder with permission 644 www-data user:

<Directory /var/www/html>
    AllowOverride All
    Options -Indexes
</Directory>

1 answer

Browser other questions tagged linux htaccess apache

You are not signed in. Login or sign up in order to post.

by Sidon • **6,563** points · Answer 1 · 2017-06-22T19:24:09+00:00

1

Try this:

<Location /my_folder/>
    Order Deny,Allow
    Deny from all
</Location>

Or this (depends on the server version)

<directory /my_folder/>
    Order Deny,Allow
    Deny from all
</Location>

Apache configuration

Edit the apache configuration file, usually at /etc/apache2.conf look up the list of available directories, a block similar to this (copied from a debian google cloud virtural machine):

<Directory />
        Options FollowSymLinks
        AllowOverride None
        Require all denied
</Directory>

<Directory /usr/share>
        AllowOverride None
        Require all granted
</Directory>

<Directory /var/www/>
        Options Indexes FollowSymLinks
        AllowOverride None
        Require all granted
</Directory>

Amend the Directive AllowOverride for:

 AllowOverride All

I tried both ways but it didn’t work, will have to restart apache ?

– user2831852

2017/06/22 at 22:04
Although it may not only be that, but yes, it has to restart the apahe. $ sudo /etc/init.d/apache2 restart

– Sidon

2017/06/22 at 22:06
I tried both examples and always restarting apache and did not give, continue listing... I want apache to stop listing folders because yesterday I saw in apache logs that someone was kicking some directories on my server. If you need the apache version: Server version: Apache/2.4.10 (Debian)

– user2831852

2017/06/22 at 23:05
What do you mean someone was kicking directories? in what way?

– Sidon

2017/06/22 at 23:48
I created a free account in google cloud, then created a vm with LAMP to do some tests, this VM has a variable IP for internet access and that only I know, from taking a look at apache logs to see something else I saw that they had error logs because they tried to access several different addresses like /html/login, /password, /PASSWOR, /robot.txt ... and so on, so I want to take away at least the browsing of Apache files/folders! (I think the racy pyjamas keep kicking address rsrs)

– user2831852

2017/06/23 at 22:21
I edited the answer, try applying the specified configuration in apache.

– Sidon

2017/06/24 at 11:34
Good! It worked! Thank you very much!

– user2831852

2017/06/24 at 15:36

Show 2 more comments