How to deny project access but allow folder access in htaccess?

A

Andrey Veryaskin2017-02-03 17:24:50

Apache HTTP Server

Andrey Veryaskin, 2017-02-03 17:24:50

There is a project for which the following is written in .htaccess:

Order Deny,Allow
Deny from all
Allow from **.**.**.**
Allow from **.**.**.**
Allow from **.**.**.**
Allow from **.**.**.**
Allow from **.**.**.**
Allow from **.**.**.**

This project has a third level folder that I want to share with everyone.
In this folder in .htaccess I write:
Allow from all
If a simple code (echo '123';) is written in the index.php file, which lies in this folder, then everything is fine and it opens from the left IP
But if the file includes others via require() files in various folders of the project, then it does not open from the left IP.
Do I understand correctly that in order to open such a file, it is necessary that in .htaccess access to all included files be opened, too, separately?
But after all, I don’t want all users to have direct access to these files, I just want to be able to run the index.php file that will connect all the other necessary ones and give the result.
is there any solution?

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

I

ioannes, 2017-02-07
@ioannes

In theory, there are no problems, here is my stand:

find ./test/
./test/
./test/z.php
./test/.htaccess
./test/test
./test/test/z.php
./test/test/.htaccess

$ cat test/z.php
<?php echo "required<br />\n" ;?>

$ cat test/.htaccess
Deny from all

$ cat test/test/z.php
<?php require("../z.php") ;?>
<?php echo "main<br />\n" ;?>

$ cat test/test/.htaccess
Allow from all

$ wget https://my.site/test/z.php
HTTP-запрос отправлен. Ожидание ответа... 403 Forbidden
2017-02-07 16:18:30 ОШИБКА 403: Forbidden.

$ wget https://my.site/test/test/z.php -O -
HTTP-запрос отправлен. Ожидание ответа... 200 OK
Длина: 27 [text/html]
Сохранение в: «STDOUT»

equired<br />
main<br />

Access to the included file directly is forbidden, but it is available via require().