
Given the following structure:

/a
/a/b

In /a I have the following .htaccess:

<FilesMatch "\.(phpd?|phpt)$">
    Require all denied
</FilesMatch>

and in /a/b:

Require all granted

The purpose being that, in general, certain file types are not allowed to be accessed, but in a particular subfolder, they are allowed.
However, the parent directive seems to take precedence and I get a 403 response for /a/b/x.php, i.e.

How can I achieve this using .htaccess files (subdirectory Require directive precedence)?

2 Answers


  1. Inside /a/b/.htaccess, enclose Require all granted in the same FilesMatch directive you used in the parent to deny:

    <FilesMatch "\.(phpd?|phpt)$">
       Require all granted
    </FilesMatch>
    

    Note that you could also use <FilesMatch "."> to match all kinds of files, but that might override some unwanted denials set in the Apache server config.

  2. In Apache 2.4 I could not make it work using .htaccess in a sub-folder. It seems that, despite the AllowOverride All setting for the DocumentRoot in httpd-vhosts.conf, the parent folder’s .htaccess somehow takes precedence with respect to authentication.

    My workaround was to explicitly allow the sub-folders I want in the parent folder’s .htaccess file:

        AuthName "This website is by invitation only"
        AuthType Basic
        AuthUserFile "T:/folder-with-your-password-file/.htpasswd"

        Require expr %{REQUEST_URI} =~ m#^/images/public/(.*)$#i
        Require expr %{REQUEST_URI} =~ m#^/\.well-known/(.*)$#i
        Require valid-user
    

    In the latter example I explicitly allow /images/public/ and /.well-known/ subfolders to be accessed by anyone, and for all the rest I require an authenticated user based on .htpasswd.

    Here =~ m#regexp# means regular expression regexp match and i means case-insensitive.

    P.S.
    In my case the parent folder is the document root / and the .htaccess file lives there.

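A way to check which request paths an allowlist like the one in the second answer exempts from authentication, as an added example that is not part of either answer. It emulates `=~ m#...#i` with Python's `re.search` and compares the `.well-known` pattern with the dot escaped and unescaped; the function names and sample paths are constructed for illustration.

```python
import re

# Patterns in the style of the second answer's `Require expr` lines.
# `=~ m#...#i` is a case-insensitive regex match; re.search with
# re.IGNORECASE behaves the same way for these simple patterns.
PUBLIC_PATTERNS = [
    r"^/images/public/(.*)$",
    r"^/\.well-known/(.*)$",   # dot escaped: only a literal "." matches
]
LOOSE_PATTERNS = [
    r"^/images/public/(.*)$",
    r"^/.well-known/(.*)$",    # dot unescaped: any single character matches
]

# Constructed sample request paths covering the edge cases.
SAMPLE_URIS = [
    "/images/public/logo.png",
    "/Images/Public/logo.png",            # matched because of the i flag
    "/images/public",                     # no trailing slash: not matched
    "/images/private/plan.png",
    "/.well-known/acme-challenge/token",
    "/xwell-known/notes.txt",             # only the loose pattern matches
    "/admin/images/public/x.png",         # rejected by the ^ anchor
    "/index.php",
]


def is_public(uri, patterns=PUBLIC_PATTERNS):
    """True if any allowlist pattern exempts `uri` from authentication."""
    return any(re.search(p, uri, re.IGNORECASE) for p in patterns)


def audit(uris, patterns=PUBLIC_PATTERNS):
    """Map each URI to the access decision the allowlist produces."""
    return {u: "public" if is_public(u, patterns) else "auth required"
            for u in uris}


def widened(uris, strict=PUBLIC_PATTERNS, loose=LOOSE_PATTERNS):
    """URIs exempted by the loose pattern set but not by the strict one."""
    return [u for u in uris if is_public(u, loose) and not is_public(u, strict)]


if __name__ == "__main__":
    for uri, verdict in audit(SAMPLE_URIS).items():
        print(f"{verdict:14} {uri}")
    print("exempted only by the unescaped dot:", widened(SAMPLE_URIS))
```

Running the same path list against the live site and comparing status codes confirms that the server's behaviour matches the intended allowlist.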