I need to deny access to configuration files under some subfolder. Currently I have this rule but it doesn't work:
<Files ~ "((foo|bar))$"> Order deny,allow Deny from all </Files> If I go to www.mysite.com/foo/foo2/file.xml, I can view the file. I need to deny all file accesses into fooand bar recursively
UPDATE
I have tried this this configuration but have an Internal Error
<FilesMatch ".foo\.(*)$"> Order Allow,Deny Deny from all </FilesMatch> "<Files> [...] will be applied to any object with a basename (last component of filename) matching the specified filename". It's not what you want.
Directory* don't work in .htaccess
You have to use mod_rewrite. For example:
<IfModule mod_rewrite.c> RewriteEngine on RewriteRule ^(foo|bar) - [F] </IfModule> Instead of file directive try using location :
<Location "path/to/folder-or-file"> Order Allow,Deny Deny from all </Location> I would do regex matching inside the apache config. Then
<DirectoryMatch> instead of <File> (you are regular expression matching on a directory)$)simplify your regex (too many brackets)
<DirectoryMatch "/path/to/toplevel/(foo|bar)"> Order deny,allow Deny from all </DirectoryMatch> Note that /path/to/toplevel/ is the file system location of your WWW directory where foo and bar reside.
However, If you want to do it via .htaccess only, create a .htaccess file in every directory that you want to deny (foo, bar, foo/bar etc), and put the line
Deny from all inside.
.htaccess file? In which case you will require AllowOverride Limit set on that directory by your main apache configuration. AllowOverride All in apache configuration