How to Prevent Direct File Download in Apache Server

Sometimes you may need to prevent files from direct URL access on your website. For example, you may not want to allow unauthorized users to access your website files. You can easily do this using .htaccess file in Apache web server. In this article, we will look at how to prevent direct file download in Apache server.


How to Prevent Direct File Download in Apache Server

Here are the steps to prevent direct file download in Apache server.


1. Create New Folder

First, you need to create a separate folder (e.g. /var/www/html/data). Open terminal and run the following command to create this new folder

$ sudo mkdir /var/www/html/data

Move all the files that you want to protect to this folder.

Also read : Difference between $host and $http_host


2. Create .htaccess file

Create .htaccess file

$ sudo vi /var/www/html/.htaccess
$ sudo chmod 755 /var/www/html/.htaccess

Add the following lines in it.

<filesmatch ".*"="">
    Order Allow,Deny
    Deny from All
</filesmatch>

Also read : How to Test Multiple Variables Against a Value in Python


3. Restart Apache Server

Restart Apache web server to apply changes.

$ sudo service apache2 restart

That’s it. Now open your web browser and try to access the file (e.g. http://your_website_or_ip/file_url ). You will see a “Access Denied” message.

This is very useful if you have sensitive information on your website, that you don’t want unauthorized users to access.

Also read : How to Check if mod_deflate is enabled