Welcome to WebmasterWorld Guest from

Forum Moderators: bakedjake

Message Too Old, No Replies

Restricting directory file access



7:32 pm on Jun 18, 2008 (gmt 0)

5+ Year Member

Hello all,

Does anyone know if there is a way to use .htaccess or a .conf file to specify that only certain file types can be accessed from a directory?


only allow people access to images in a image folder even if it contained a a number of other file types?

I know you can use a files directive to say only allow authenticated users access to certain file types but this is kind of the other way around. If I had an upload directory that I only want people to add images to (and uploads would be validated first) and if that was somehow compromised this could prevent them accessing their evilfile.ext (whatever extension they use)

Many Thanks


10:03 pm on Jun 20, 2008 (gmt 0)

WebmasterWorld Senior Member 5+ Year Member

Probably a question for the Apache forum.

I didn't test this .htaccess so it's entirely theoretical but it might inspire you:

# Turn on mod_rewrite
RewriteEngine On
# If request is for images folder
RewriteCond %{REQUEST_URI} ^/images/
# But not for an image filetype
RewriteCond %{REQUEST_URI} !\.(jpg¦gif¦png)$
# Nothing to see here
RewriteRule .* - [F]

Some server configurations require a FollowSymlinks option to be set for the RewriteEngine and the broken pipes in the code should be replaced with solid ones.



9:04 am on Jun 21, 2008 (gmt 0)

5+ Year Member

Thanks alot, that worked a treat.

Featured Threads

Hot Threads This Week

Hot Threads This Month