2 Replies - 1577 Views - Last Post: 13 August 2012 - 01:00 AM

#1 e_i_pi  Icon User is offline

  • = -1
  • member icon

Reputation: 782
  • View blog
  • Posts: 1,663
  • Joined: 30-January 09

.htaccess deny to folders from root

Posted 11 August 2012 - 06:52 PM

I have a directory setup on my site essentially like this:
./
./application
  ./Controllers
  ./Models
  ./Views
./assets
./... and so on


The assets section contains material that should always be available for download, for instance images, script libraries, that sort of thing. The application directory should never be accessible, at it is accessed only by PHP includes. I've tried putting this code in my root .htaccess file:
<Directory /application>
deny from all
</Directory>


...but it forces a 500 error across the entire site. Mind you, if I put the following in the .htaccess for the application directory, it works fine:
<Directory Controllers>
	Deny from All
</Directory>
<Directory Models>
	Deny from All
</Directory>
<Directory Views>
	Deny from All
</Directory>


Can anyone explain why the latter works, but the former doesn't? My reasoning is that it is something to do with the former being the root .htaccess, but I'm not an htaccess guru.

Is This A Good Question/Topic? 0
  • +

Replies To: .htaccess deny to folders from root

#2 Dormilich  Icon User is offline

  • 痛覚残留
  • member icon

Reputation: 3398
  • View blog
  • Posts: 9,609
  • Joined: 08-June 10

Re: .htaccess deny to folders from root

Posted 13 August 2012 - 12:09 AM

.htaccess applies to all files and subfolders (and their files and subfolders) in the current directory. if you deny on root-level, practically every file and folder under that is protected.

This post has been edited by Dormilich: 13 August 2012 - 12:09 AM

Was This Post Helpful? 1
  • +
  • -

#3 e_i_pi  Icon User is offline

  • = -1
  • member icon

Reputation: 782
  • View blog
  • Posts: 1,663
  • Joined: 30-January 09

Re: .htaccess deny to folders from root

Posted 13 August 2012 - 01:00 AM

Right, got it. The <Directory> attribute applies to the current directory, you can't use it to deny s subdirectory. .htaccess is not my friend. I think it conspires with RegEx to drive me insane.
Was This Post Helpful? 0
  • +
  • -

Page 1 of 1