Question posted in
Some documentation to get you started can be found here.

How to deny access to users for a file but not to the plugin which uses the file using htaccess? – Apache

I have a plugin which is using an xml file located in the plugin folder.

example.com/wp-content/plugins/myplugin/myxml.xml

I want to deny access to the file for users but not to the plugin. If I type the URL I can read the file. I used the following in htaccess inside my plugin’s folder

<Files ~ ".xml$">  
Order Allow,Deny
Deny from All
</Files>

I get the 403 error but the plugin cannot read the file

I used Options -Indexes as well

How can I fix this?

Tags:

4

Answers


  1. 0 
     <Files ~ ".xml$">  
  Order Allow,Deny
  Deny from All
  Allow from localhost
</Files>
    Login or Signup to reply.
  2. 0

    This will only work if you place it in the main .htaccess. Then the file is not accessible from outside but accessible from the wordpress

    Login or Signup to reply.
  3. 0

    The recommended solution for this issue is, Set proper file permission and user group. So all the application can access the file, but Public Users can’t.
    For more information visit Linux File permission

    Login or Signup to reply.
  4. 0

    There are a couple of ways to go about this:

    • Load the file from the filesystem and not over the network if possible.
    • Use access control as @Jamie_D has suggested.
      His code might not work if example.com doesn’t resolve to localhost (check your /etc/hosts). It the file has to be accessed over the public internet, use your public IP.

    For reference, here is the documentation for mod_access.

    Access can be controlled based on the client hostname, IP address, or
    other characteristics of the client request, as captured in
    environment variables.

    And you could also use authentication for that file.

    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search