I am not sure how to do this, but I want to block all access to a specific set of folders on my web server. Say secret01 and secret 02...
homeDir
|- data
|- www
| |- .htaccess (file)
| |- images
| |- js
| |- secret01
| |- secret02
| |...
|...
What rule(s) do I need to add to my root .htaccess file to do this? I want all access from the web blocked from going into these folders, period. Only way one could get to them would be over SFTP or SSH. So what rule am I looking for? I am preferably looking for a one-liner so I can add more folders or move it to another site down the road. I really would prefer if the rule could be placed in the .htaccess root file so I don't have to jump all over the place to lock and unlock folders.
= Update for Clarity =
I do not have access to the conf file for this host (it is in a shared environment) and I need to have these folders inside the webroot for a few shell purposes. If I could I would have already moved them up out of the webroot.
I also don't want to screw with the file permissions, just have a rule in my .htaccess that blocks web traffic from accessing a folder or set of folders.
You can just create a .htaccess with
for the folders (put the file it in those).
Also with mod_rewrite on www/.htaccess:
If you truly do not want them accessible to the Internet via HTTP, you should move them outside of the Web tree entirely.
You can also use filesystem permissions. For example, if Apache runs as the
apacheuser, but you want the files only accessible via SSH byuser23you can have secret* owned byuser2and not publicly readable. Of course, there are nearly endless additional options here. Groups, filesystem ACLs, and more.For ACLs, you can use mod_authz. It's best to keep the configuration in the conf and not in
.htaccess. Having them in.htaccessintroduces more exposure and possible for manipulation with lesser privileges.mod_authz documentation