.htaccess is a hidden file that allows you to customize Apache server configuration without accessing its config files. So if you want to deny access to certain specific file types on your website, then you can do that with the help of .htaccess file. Here’s how to deny access to multiple files using .htaccess.
How to Deny Access to Multiple Files Using .htaccess
Here’s how to deny access to multiple files using .htaccess. Before you proceed, please ensure you have enabled mod_rewrite (.htaccess) on your Apache web server. Here’s how to do it on:
1. Open .htaccess file
Open .htaccess file in a text editor. You will typically find it at the root folder of your website (/var/www/html)
$ sudo vim /var/www//html/.htaccess
If you are using CPanel, here are the steps to open .htaccess file.
- Log into CPanel.
- Click File Manager in Files category.
- Click Settings on top right corner.
- You will see a popup box. Select ‘Web Root’ and ‘Show Hidden Files’. Click Go button.
- You will see a list of files in your root folder.
- Right click on htaccess and click Code Edit to bring up htaccess editor.
2. Deny Access to Multiple Files
Let’s say you want to deny access to multiple files (.htaccess, .htpasswd, .ini, .conf, .php) files. Add the following block of code on .htaccess.
<FilesMatch "\.(htaccess|htpasswd|ini|php|conf)$"> Order Allow,Deny Deny from all </FilesMatch>
In the above code, the first line specifies the file names and extensions for which these rules are applicable. You can use the ‘|’ operator to combine file names & extensions.
The next couple of lines specify that access should be denied to all.
You can also deny access to specific IPs (e.g 220.127.116.11)
<FilesMatch "\.(htaccess|htpasswd|ini|php|conf)$"> Order Allow,Deny Deny from 18.104.22.168 </FilesMatch>
You can also deny access to specific IP ranges (22.214.171.124 – 126.96.36.199) using CIDR notation.
<FilesMatch "\.(htaccess|htpasswd|ini|php|conf)$"> Order Allow,Deny Deny from 188.8.131.52/24 </FilesMatch>
3. Restart Apache Web Server
Restart Apache web server to apply changes.
$ sudo /etc/init.d/apache2 start [Debian or Ubuntu] # sudo apachectl restart [RHEL, CentOS or Fedora]