i think case is important here.
try this:

Order Deny,Allow
Deny from all
Allow from 127.0.0.1

hi

the solution did not work :(

any suggestion.

Anoop

You MIGHT try

order deny,allow
allow from 127.0.0.1
deny from all

However, I'm more inclined to believe that you'd be required to use the IP range that your system access the server and logs from. As opposed to a local/127 folder.

And be sure to completely flush your browser cache before testing after making any change to your server access controls... Otherwise, your browser will likely just serve up the previously-cached page, without requesting it from your server.

Jim

hi

i tried all the options suggested, but still it is not working. Please advice what should be the right solution.

I will explain my requirement. I don't want a user from anywhere on the Internet to access files under specific folder directly, but i need my application to access files under that folder and show them on the browser. To achieve this what is the best way.

Anoop

i tried all the options suggested, but still it is not working. Please advice what should be the right solution.

that depends on what it is doing or not doing.

first, the "what it is" part of the question:
what does "accessble only through the system witin the site" mean?
do you want to access it locally-only using http protocol?
or do you want your server application to access it through the file system and have no http access, local or otherwise?

second, the "doing or not doing" part of the question:
is it allowing "nonlocal" traffic when it shouldn't?
or is it not allowing local traffic when it should?

have you looked for hints in your server logs?
what status code do you get when you request a resource?

i complete and unambiguous description of the problem is a prerequisite to the solution.

Isn't this a simple case of chmod the directory?

Allow your app to read the directory but everything no access. Assuming that your app is the owner of the directory:

chmod 400 /path/yourdir

Change the 4 if you need write / execute access.

[edited by: Frank_Rizzo at 11:47 am (utc) on Feb. 26, 2007]

first, the "what it is" part of the question:
what does "accessble only through the system witin the site" mean?
do you want to access it locally-only using http protocol?
or do you want your server application to access it through the file system and have no http access, local or otherwise?

no http access for local or otherwise, application should access it through the file system.

second, the "doing or not doing" part of the question:
is it allowing "nonlocal" traffic when it shouldn't?
or is it not allowing local traffic when it should?

when i enable htaccess the access is not allowed for local or non local both.

Anoop

it sounds like your .htaccess is doing what it should and your http (non)access of the resource in question is as you would expect, both locally and externally.
(i can only assume you got a 403 Forbidden status code, but it would be interesting to know if this is in fact what happened)

what is your problem with file system access by your server application?

please describe what you are trying to do, how you tried to do it and what happened when you tried that.

Simple, put the folder above the document root. It won't be accessible to the internet but your scripts can access them.

Most servers set doc root similar to this:

/home/username/public_html/

Anything under public_html/ is accessible to net, yet you still have priveledges to username/, so move the files to username/protected_folder/