Security HowTo's

Restrict access to Multiple files in Apache

Share This:

Apache has plenty of access control features that can help prevent unauthorised access to key parts of your site. This article is about giving a 404 (access denied) response when someone tries to access specific files on your site.

In the examples below, we’ll be restricting access to two PHP files (although we can protect any kinds of files) called “apples.php” and “bananas.php”.

Here’s how to deny access to a few files using either a “.htaccess” file of the “vhost” configuration.

<FilesMatch "apples\.php|bananas\.php">
 Order Deny,Allow
 Deny From all
</FilesMatch>

Put the above in either the vhost file or the .htaccess file for it to take effect. Note that any changes to the vhost file requires a reload or restart of Apache.

But what if you want to allow access from some IP addresses and not others? Here we’ll restrict access to everyone that DOESN’T have an IP address starting with “127.whatever“, “172.whatever“, “10.whatever” or “192.whatever“.

<FilesMatch "apples\.php|bananas\.php">
 Order Deny,Allow
 Deny From all
 Allow From 127. 172. 10. 192.
</FilesMatch>

Leave a Reply

Your email address will not be published. Required fields are marked *