Sometimes you may need to prevent files from direct URL access on your website. For example, you may not want to allow unauthorized users to access your website files. You can easily do this using .htaccess file in Apache web server. In this article, we will look at how to prevent direct file download in Apache server.
How to Prevent Direct File Download in Apache Server
Here are the steps to prevent direct file download in Apache server.
1. Create New Folder
First, you need to create a separate folder (e.g. /var/www/html/data). Open terminal and run the following command to create this new folder
$ sudo mkdir /var/www/html/data
Move all the files that you want to protect to this folder.
Also read : Difference between $host and $http_host
2. Create .htaccess file
Create .htaccess file
$ sudo vi /var/www/html/.htaccess $ sudo chmod 755 /var/www/html/.htaccess
Add the following lines in it.
<filesmatch ".*"=""> Order Allow,Deny Deny from All </filesmatch>
3. Restart Apache Server
Restart Apache web server to apply changes.
$ sudo service apache2 restart
That’s it. Now open your web browser and try to access the file (e.g. http://your_website_or_ip/file_url ). You will see a “Access Denied” message.
This is very useful if you have sensitive information on your website, that you don’t want unauthorized users to access.
Also read : How to Check if mod_deflate is enabled