I have created an axtra ftp account for someone else, so he can upload files.(tournament results, about 20/30 htm files and images)
I am also very paranoid, so in case he upload “possible dangerous” files, i do not want those files to be accessible via an http request. With the help of PHP I want to grab the content of those files. (I do not expect troubles with that yet)
Problem:
My hoster does not allow extra ftp accounts have access outside the public_html.
So i thought htacces should solve my problem. Just by deny from all rule.
But with ftp acces this htaccess file can be deleted or changed.
So i tried to add the following code in my main htacces file in the root of my site:
<Directory "/home/xxxx.nl/public_html/xxxxxxxx.nl/onzetoernooien/swissmaster_ftp">
deny from all
</Directory>
My site hung with an internal server error.
I have no access to the httpd file.
My idea was to use an htacces file above this directory.
If the absolute path was incorrect, i could use some kind of wildcard, like *swissmaster?
I have searched on the Apache website, but i get lost in the overwhelming amount of information.
Thanks in advance for any help!
Unfortunately you can’t use a
<Directory>section in .htaccess, only in the server configuration file. That causes the server error (check your error logs and you’ll see the error message). We can’t secure a subdirectory with a<Filesmatch "subdir/.*$">either, as FilesMatch examines only the filename part of the requested URI.You can, however, use mod_rewrite, along these lines:
If the requested URI matches the regex pattern
subdir.*(so “subdir” followed by anything else; you may need to tweak the pattern, as it happily catches subdir_new/something.txt too — I’m sure you get the idea), then mod_rewrite’s F flag will return a 403 Forbidden status (the NC stands for No-Case, making the pattern case-insensitive).