How to Deny Access to Multiple Files Using .htaccess


deny access to multiple files htaccess

.htaccess is a hidden file that allows you to customize Apache server configuration without accessing its config files. So if you want to deny access to certain specific file types on your website, then you can do that with the help of .htaccess file. Here’s how to deny access to multiple files using .htaccess.

 

How to Deny Access to Multiple Files Using .htaccess

Here’s how to deny access to multiple files using .htaccess. Before you proceed, please ensure you have enabled mod_rewrite (.htaccess) on your Apache web server. Here’s how to do it on:

 

1. Open .htaccess file

Open .htaccess file in a text editor. You will typically find it at the root folder of your website (/var/www/html)

 


$ sudo vim /var/www//html/.htaccess

 

If you are using CPanel, here are the steps to open .htaccess file.

  1. Log into CPanel.
  2. Click File Manager in Files category.
  3. Click Settings on top right corner.
  4. You will see a popup box. Select ‘Web Root’ and ‘Show Hidden Files’. Click Go button.
  5. You will see a list of files in your root folder.
  6. Right click on htaccess and click Code Edit to bring up htaccess editor.

 

2. Deny Access to Multiple Files

Let’s say you want to deny access to multiple files (.htaccess, .htpasswd, .ini, .conf, .php) files. Add the following block of code on .htaccess.


<FilesMatch "\.(htaccess|htpasswd|ini|php|conf)$">
Order Allow,Deny
Deny from all
</FilesMatch>

In the above code, the first line specifies the file names and extensions for which these rules are applicable. You can use the ‘|’ operator to combine file names & extensions.

The next couple of lines specify that access should be denied to all.

 

You can also deny access to specific IPs (e.g 54.34.21.11)


<FilesMatch "\.(htaccess|htpasswd|ini|php|conf)$">
Order Allow,Deny
Deny from 54.34.21.11
</FilesMatch>

 

You can also deny access to specific IP ranges (54.34.21.0 – 54.34.21.255) using CIDR notation.


<FilesMatch "\.(htaccess|htpasswd|ini|php|conf)$">
Order Allow,Deny
Deny from 54.34.21.0/24
</FilesMatch>

 

3. Restart Apache Web Server

Restart Apache web server to apply changes.


$ sudo /etc/init.d/apache2 start [Debian or Ubuntu]
# sudo apachectl restart [RHEL, CentOS or Fedora]

About Sreeram Sreenivasan

Sreeram Sreenivasan is the Founder of Ubiq, a business dashboard & reporting platform for small & medium businesses. Ubiq makes it easy to build business dashboards & reports for your business. Try it for free today!