Hello,

    I have a project in which files are uploaded to an uploads folder. The problem I am facing is that anybody can access that folder and download its contents just by going to its URL. What I want is to restrict access to the folder so no one can open it and download anything. How is this possible? Is an .htaccess file required? If yes, what should I write in it? Please help me. Thanks in advance.

    For Apache, one option is to use <Directory> and then deny access to the given directory. An example is given in Apache's security tips under "Protect Server Files by Default".

      Thanks for the reply, but what is the option to restrict a folder under a Windows environment?

        As in you want to change the permission at operating system level, as opposed to using web server level restrictions? I am afraid that, despite being primarily a Windows desktop user, I am not familiar with Windows permissions since I normally use Linux servers.

        I would think that web server level restrictions should suffice for what you want to do, unless you are on a shared host.

          Now I have moved that folder to an Apache server and created one .htaccess and one .htpasswd file for that folder. What my .htaccess file contains is:

          AuthName "Authorized Users Only."
          AuthType Basic
          AuthUserFile .htpasswd
          Require user username

          and what my .htpasswd file contains is:

          username:password

          But when I ran it, it gave me an "Authorization Required" dialog box asking me to enter a username and password. When I entered the username and password which I have stored in the .htpasswd file, it didn't allow me to log in. Are there any changes required in the .htaccess or .htpasswd file?

            Is the path in AuthUserFile an absolute path to the .htpasswd file?

              Yes, that file is in the same directory where my .htaccess resides.

                Then it's not an absolute path to the .htpasswd file, it's a relative path.

                Include the full path to the file and see if that changes anything.

                  I have given the relative path for the .htpasswd file, which I got by using the ls -la command in Linux. But I am getting the same error...

                    Try an absolute path instead of a relative path. Something like:

                    AuthUserFile /home/myusername/.htpasswd

                    Also note that .htpasswd really shouldn't be inside of the document root, it should be above it so as to keep prying eyes out.
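
The checks discussed in this thread, as an added example that is not part of any post: a small Python linter for the quoted .htaccess/.htpasswd pair. It flags a relative AuthUserFile (which httpd resolves against ServerRoot, not the .htaccess directory) and a password file inside the document root, and it goes one step beyond the thread by flagging entries that are not hashes, since httpd accepts plain-text passwords only on Windows and NetWare. The function names and the `/etc/httpd` and `/var/www/html` paths are assumptions for illustration.

```python
import re
from pathlib import PurePosixPath

# Prefixes of password hash formats written by Apache's htpasswd tool.
HASH_PREFIXES = ("$apr1$", "$2y$", "{SHA}")
CRYPT_DES = re.compile(r"^[./0-9A-Za-z]{13}$")  # traditional crypt() output


def auth_user_file(htaccess_text):
    """Return the AuthUserFile argument from .htaccess text, or None."""
    for line in htaccess_text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) == 2 and parts[0].lower() == "authuserfile":
            return parts[1].strip().strip('"')
    return None


def check_basic_auth(htaccess_text, htpasswd_text, server_root, document_root):
    """Return a list of findings for a Basic-auth .htaccess/.htpasswd pair."""
    findings = []
    path = auth_user_file(htaccess_text)
    if path is None:
        return ["no AuthUserFile directive found"]
    resolved = PurePosixPath(path)
    if not resolved.is_absolute():
        # httpd resolves a relative AuthUserFile against ServerRoot,
        # not against the directory that holds the .htaccess file.
        resolved = PurePosixPath(server_root) / path
        findings.append(f"relative AuthUserFile, httpd will look for {resolved}")
    if PurePosixPath(document_root) in resolved.parents:
        findings.append(f"{resolved} is inside the document root")
    for entry in htpasswd_text.splitlines():
        user, sep, secret = entry.strip().partition(":")
        if sep and not (secret.startswith(HASH_PREFIXES) or CRYPT_DES.match(secret)):
            findings.append(f"entry for '{user}' does not look like a password hash")
    return findings


# Constructed sample: the files quoted in the thread, with assumed server paths.
HTACCESS = 'AuthName "Authorized Users Only."\nAuthType Basic\nAuthUserFile .htpasswd\nRequire user username\n'
HTPASSWD = "username:password\n"

if __name__ == "__main__":
    for finding in check_basic_auth(HTACCESS, HTPASSWD, "/etc/httpd", "/var/www/html"):
        print(finding)
```

Entries that pass the hash check are the kind produced by the `htpasswd` utility shipped with Apache, rather than typed into the file by hand.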
