Sometimes you may need to block access to specific URLs or restrict access to specific file types on your website. You can easily do this using .htaccess file if your website runs on Apache web server. In this article, we will look at how to restrict URL path access in .htaccess.
How to Restrict URL Path Access in .htaccess
Here are the steps to restrict URL path access in .htaccess.
1. Enable mod_rewrite
If you have already enabled mod_rewrite in Apache then you can skip this step. Otherwise, run the following commands to enable mod_rewrite, depending on your Linux system.
Open terminal and run the following command to enable mod_rewrite
$ sudo a2enmod rewrite
Open Apache configuration file in a text editor.
$ sudo vi /etc/apache2/httpd.conf
Look for the following line.
#LoadModule rewrite_module modules/mod_rewrite.so
Uncomment it by removing # at its beginning. If you don’t find this line, add it afresh.
Also look for the following Directory tag and change AllowOverride from None to All.
. . .
. . .
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
# Options FileInfo AuthConfig Limit
. . .
. . .
2. Restrict URL Path Access
Open .htaccess file in a text editor.
$ sudo vi /var/www/html/.htaccess
Now, depending on your requirement, add the following lines to .htaccess file.
Deny Access to File based on extension
If you want to deny access to files ending with .zip extension on your website, then add the following lines to .htaccess file. Replace .zip below with your choice extension.
<Files ~ "\.zip$"> Order Allow,Deny Deny from All </Files>
If you want to deny access to specific file config.php, then update the above configuration to
<Files config.php> order allow,deny Deny from all </Files>
Deny Access to hidden files
If you want to restrict access to hidden files on your website, with file names beginning with dot(.) then add the following line to .htaccess.
RedirectMatch 403 /\..*$
Deny Access to folder
If you want to restrict access to specific folder such as /data then add the following lines to your .htaccess file.
RewriteEngine On RewriteRule (^|/)data(/|$) - [F]
Restrict Access to URL Path
If you want to restrict access to specific URL path /data/abc.php, then add the following lines to .htaccess file.
RewriteEngine On RewriteRule ^data/abc.php$ - [F]
Restrict Access from IP address
If you want to block access from a specific IP address, then add the following line to .htaccess file.
deny from 220.127.116.11
If you want to block access from IP range 18.104.22.168 to 22.214.171.124 then drop the last octet from IP address
deny from 123.26.24.
3. Restart Apache Server
Restart apache server to apply changes.
$ sudo service apache2 restart
In this article, we have seen different ways to block access to URL paths, whether it is a single URL, file or a folder. Depending on your requirement, you need to add the appropriate code block described above.
How to Pass Parameters to Shell Script Functions
How to Force NGINX to Serve New Static Files
How to Return Value in Shell Script Functions
How to Retrieve POST data in Django
How to Temporarily Disable Foreign Key Checks in MySQL