1

how to hide my application folders and its contents to third party viewers in .htaccess file ?

enter image description here

Mohan Raj
  • 447
  • 1
  • 5
  • 18
  • 5
    Don't put them in a public webroot to begin with. – deceze Aug 26 '13 at 13:26
  • 2
    Just put blank `index.html` – Bora Aug 26 '13 at 13:28
  • Have a look at this: http://stackoverflow.com/a/8683790/1415724 --- and I quote: *"You cannot use the [Directory directive](http://httpd.apache.org/docs/2.0/mod/core.html#directory) in .htaccess. However if you create a .htaccess file in the /system directory and place the following in it, you will get the same result"* – Funk Forty Niner Aug 26 '13 at 13:28
  • If you dislike that feature of the webserver, write your own index. And disable the default one. Check your webserver manual on how to do that. – hakre Aug 30 '13 at 11:02

4 Answers4

4

try using this, I guess it will work.

RedirectMatch 403 ^.*/sub-folder-name/*

This will stop the direct access of all the sub-folders and files recursively.

Mohammed Asad
  • 979
  • 1
  • 8
  • 18
1

The more standard approach is to not put them in the public web root to begin with. If you look at most frameworks, you'll see they have a public folder in which they put the static assets (images, JS, CSS, etc), and the actual application files are outside of that. The public/index.php file loads everything else.

If you can't restructure your application, then there are a couple of ways you can do it:

  1. Add an index.html or index.php file that simply displays some kind of error or even blank page. The drawback to this is that you need to have it in every folder. This will work for weird shared hosts that don't allow you to play with .htaccess.
  2. Remove Indexes (or add -Indexes) from your Vhosts file. This will disable it at the server level, but this requires access to the Vhosts file, which you might not have if you're in a shared environment.
  3. Add Options -Indexes to your root .htaccess file (to disable indexing on all folders) or in an .htaccess file at the top folder in whatever tree you want to disable directory indexing for (such as Views). This will disable indexes the same way as #2, but only for this application.
Shauna
  • 9,495
  • 2
  • 37
  • 54
-1

To deny complete access to that folder for any visitor you should use

deny from all

If you just want to prevent listing of the folder, you should use

Options -Indexes

If you want to do it the lazy man's way:

Just create an empty index.html or index.php file into /views.

Gilly
  • 9,212
  • 5
  • 33
  • 36
  • how to hide my views folder alone? – Mohan Raj Aug 26 '13 at 13:39
  • 1
    create a file called .htaccess and put it in /views in that .htaccess you put: Options -Indexes – Gilly Aug 26 '13 at 13:49
  • This works fine, but also i need to block all the folders inside the views, for eg, when i try this url views/user/user_add.php, this is accessable where views/ is not accessable, any idea for the common htaccess to disallow all the folders. – Mohan Raj Aug 27 '13 at 05:33
  • You should add a 'deny from all' below the 'Options -Indexes' which will automatically block access to any subfolder – Gilly Aug 27 '13 at 07:56
-2
Deny from all

in .htaccess file

user2368299
  • 369
  • 3
  • 14