Welcome to WebmasterWorld Guest from

Forum Moderators: bakedjake

Message Too Old, No Replies

Restricting directory file access

7:32 pm on Jun 18, 2008 (gmt 0)

Full Member

5+ Year Member

joined:June 21, 2007
posts: 316
votes: 0

Hello all,

Does anyone know if there is a way to use .htaccess or a .conf file to specify that only certain file types can be accessed from a directory?


only allow people access to images in a image folder even if it contained a a number of other file types?

I know you can use a files directive to say only allow authenticated users access to certain file types but this is kind of the other way around. If I had an upload directory that I only want people to add images to (and uploads would be validated first) and if that was somehow compromised this could prevent them accessing their evilfile.ext (whatever extension they use)

Many Thanks

10:03 pm on June 20, 2008 (gmt 0)

Senior Member

WebmasterWorld Senior Member 5+ Year Member Top Contributors Of The Month

joined:Aug 29, 2006
votes: 0

Probably a question for the Apache forum.

I didn't test this .htaccess so it's entirely theoretical but it might inspire you:

# Turn on mod_rewrite
RewriteEngine On
# If request is for images folder
RewriteCond %{REQUEST_URI} ^/images/
# But not for an image filetype
RewriteCond %{REQUEST_URI} !\.(jpg¦gif¦png)$
# Nothing to see here
RewriteRule .* - [F]

Some server configurations require a FollowSymlinks option to be set for the RewriteEngine and the broken pipes in the code should be replaced with solid ones.


9:04 am on June 21, 2008 (gmt 0)

Full Member

5+ Year Member

joined:June 21, 2007
votes: 0

Thanks alot, that worked a treat.

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

Featured Threads

Free SEO Tools

Hire Expert Members