restrict url path in .htaccess

How to Restrict URL Path Access in .htaccess

Sometimes you may need to block access to specific URLs or restrict access to specific file types on your website. You can easily do this using .htaccess file if your website runs on Apache web server. In this article, we will look at how to restrict URL path access in .htaccess.


How to Restrict URL Path Access in .htaccess

Here are the steps to restrict URL path access in .htaccess.


1. Enable mod_rewrite

If you have already enabled mod_rewrite in Apache then you can skip this step. Otherwise, run the following commands to enable mod_rewrite, depending on your Linux system.

Ubuntu/Debian

Open terminal and run the following command to enable mod_rewrite

$ sudo a2enmod rewrite

Redhat/CentOS/Fedora

Open Apache configuration file in a text editor.

$ sudo vi /etc/apache2/httpd.conf

Look for the following line.

#LoadModule rewrite_module modules/mod_rewrite.so

Uncomment it by removing # at its beginning. If you don’t find this line, add it afresh.

Also look for the following Directory tag and change AllowOverride from None to All.

. . .
<Directory /var/www/html>
. . .
#
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
# Options FileInfo AuthConfig Limit
#
AllowOverride All
. . .
</Directory>
. . .


2. Restrict URL Path Access

Open .htaccess file in a text editor.

$ sudo vi /var/www/html/.htaccess

Now, depending on your requirement, add the following lines to .htaccess file.


Deny Access to File based on extension

If you want to deny access to files ending with .zip extension on your website, then add the following lines to .htaccess file. Replace .zip below with your choice extension.

<Files ~ "\.zip$">  
 Order Allow,Deny
 Deny from All
</Files>

If you want to deny access to specific file config.php, then update the above configuration to

<Files config.php>
 order allow,deny
 Deny from all
</Files>


Deny Access to hidden files

If you want to restrict access to hidden files on your website, with file names beginning with dot(.) then add the following line to .htaccess.

RedirectMatch 403 /\..*$


Deny Access to folder

If you want to restrict access to specific folder such as /data then add the following lines to your .htaccess file.

RewriteEngine On
RewriteRule (^|/)data(/|$) - [F]


Restrict Access to URL Path

If you want to restrict access to specific URL path /data/abc.php, then add the following lines to .htaccess file.

RewriteEngine On
RewriteRule ^data/abc.php$ - [F]


Restrict Access from IP address

If you want to block access from a specific IP address, then add the following line to .htaccess file.

deny from 123.26.24.100

If you want to block access from IP range 123.26.24.1 to 123.26.24.255 then drop the last octet from IP address

deny from 123.26.24.


3. Restart Apache Server

Restart apache server to apply changes.

$ sudo service apache2 restart

In this article, we have seen different ways to block access to URL paths, whether it is a single URL, file or a folder. Depending on your requirement, you need to add the appropriate code block described above.

Also read:

How to Pass Parameters to Shell Script Functions
How to Force NGINX to Serve New Static Files
How to Return Value in Shell Script Functions
How to Retrieve POST data in Django
How to Temporarily Disable Foreign Key Checks in MySQL