.htaccess to prevent navigation

Asked

Viewed 346 times

-1

I have a Debian server and the directory to put projects in apache is the traditional /var/www/html, I’m trying to block browsing directories and sub-directories through the browser with . htaccess but I’m not getting it right.

The . htaccess code is in the html folder with permission 644 www-data user:

<Directory /var/www/html>
    AllowOverride All
    Options -Indexes
</Directory>

1 answer

1


Try this:

<Location /my_folder/>
    Order Deny,Allow
    Deny from all
</Location>

Or this (depends on the server version)

<directory /my_folder/>
    Order Deny,Allow
    Deny from all
</Location>

Apache configuration

Edit the apache configuration file, usually at /etc/apache2.conf look up the list of available directories, a block similar to this (copied from a debian google cloud virtural machine):

<Directory />
        Options FollowSymLinks
        AllowOverride None
        Require all denied
</Directory>

<Directory /usr/share>
        AllowOverride None
        Require all granted
</Directory>

<Directory /var/www/>
        Options Indexes FollowSymLinks
        AllowOverride None
        Require all granted
</Directory>

Amend the Directive AllowOverride for:

 AllowOverride All
  • I tried both ways but it didn’t work, will have to restart apache ?

  • Although it may not only be that, but yes, it has to restart the apahe. $ sudo /etc/init.d/apache2 restart

  • I tried both examples and always restarting apache and did not give, continue listing... I want apache to stop listing folders because yesterday I saw in apache logs that someone was kicking some directories on my server. If you need the apache version: Server version: Apache/2.4.10 (Debian)

  • What do you mean someone was kicking directories? in what way?

  • I created a free account in google cloud, then created a vm with LAMP to do some tests, this VM has a variable IP for internet access and that only I know, from taking a look at apache logs to see something else I saw that they had error logs because they tried to access several different addresses like /html/login, /password, /PASSWOR, /robot.txt ... and so on, so I want to take away at least the browsing of Apache files/folders! (I think the racy pyjamas keep kicking address rsrs)

  • I edited the answer, try applying the specified configuration in apache.

  • Good! It worked! Thank you very much!

Show 2 more comments

Browser other questions tagged

You are not signed in. Login or sign up in order to post.