Question posted in 
Given the following structure:
/a
/a/b
In /a I have the following .htaccess:
<FilesMatch ".(phpd?|phpt)$">
Require all denied
</FilesMatch>
and in /a/b:
Require all granted
The purpose being that, in general, certain file types are not allowed to be accessed, but in a particular subfolder, they are allowed.
However, the parent directive seems to take precedence and I get a 403 response for /a/b/x.php, i.e.
How can I do to achieve this using .htaccess files (subdirectory Require directive precedence)?
2
Answers
Inside
/a/b/.htaccessencloseRequire all grantedin sameFilesMatchdirective you used in parent to deny:Note that you could also use:
<FilesMatch ".">to match all kind of files but that might override some unwanted denials set in Apache server config.In Apache 2.4 I could not make it work using .htaccess in a sub-folder. It seems that, despite Allowoverride All setting for the DocumentRoot in httpd-vhosts.conf, the parent folder’s .htaccess somehow takes precedence with respect to authentication.
My workaround was to explicitly allow the sub-folders I want in the parent folder’s .htaccess file:
In the latter example I explicitly allow /images/public/ and /.well-known/ subfolders to be accessed by anyone, and for all the rest I require an authenticated user based on .htpasswd.
Here
=~ m#regexp#means regular expressionregexpmatch andimeans case-insensitive.P.S.
In my case the parent folder is the document root
/and the .htaccess file lives there.