Prevent Access to Files on Web Server using htaccess

Print View Mobile View

In this post I will show how you can prevent public access and protect a certain file on your web server or completely block access to a certain file type using the .htaccess file (Hypertext Access file).

Protect a certain file on your server

By using the below code you can prevent public access to any file you want. For example to prevent access to “file.jpg”  use the following code:

<files file.jpg>
order allow,deny
deny from all
</files>

Using this method you can protect the .htaccess file too.

<files .htaccess>
order allow,deny
deny from all
</files>

Now if anyone try to access that file, they will get a 403 error.

Prevent access to a certain file type

<Files ~ "\.log$">
order allow,deny
deny from all
</Files>

The above code prevents access to all .log files.

Prevent access to multiple file types at once:

<FilesMatch "\.(log|ini|htaccess)$">
order allow,deny
deny from all
</FilesMatch>

The above code prevents access to all files with .log, .ini and .htaccess extension.

Add extension of those files you want to prevent access to between “(” and “)” and separate each file extension with a pipe – “|.”

You can also allow or deny access to a file based on an IP address or block/range.