Given the following structure:
/a
/a/b
In /a
I have the following .htaccess
:
<FilesMatch ".(phpd?|phpt)$">
Require all denied
</FilesMatch>
and in /a/b
:
Require all granted
The purpose being that, in general, certain file types are not allowed to be accessed, but in a particular subfolder, they are allowed.
However, the parent directive seems to take precedence and I get a 403 response for /a/b/x.php
, i.e.
How can I do to achieve this using .htaccess files (subdirectory Require
directive precedence)?
2
Answers
Inside
/a/b/.htaccess
encloseRequire all granted
in sameFilesMatch
directive you used in parent to deny:Note that you could also use:
<FilesMatch ".">
to match all kind of files but that might override some unwanted denials set in Apache server config.In Apache 2.4 I could not make it work using .htaccess in a sub-folder. It seems that, despite Allowoverride All setting for the DocumentRoot in httpd-vhosts.conf, the parent folder’s .htaccess somehow takes precedence with respect to authentication.
My workaround was to explicitly allow the sub-folders I want in the parent folder’s .htaccess file:
In the latter example I explicitly allow /images/public/ and /.well-known/ subfolders to be accessed by anyone, and for all the rest I require an authenticated user based on .htpasswd.
Here
=~ m#regexp#
means regular expressionregexp
match andi
means case-insensitive.P.S.
In my case the parent folder is the document root
/
and the .htaccess file lives there.