HostOnNet Blog

Apache Limit Access to a folder

I was working on a site that have “cache” folder inside DocumentRoot of Apache. Since this is a cache folder used by the PHP application, it need to be writable by apache user.

We need to prevent access to this folder. This can be done by adding .htaccess file to cache folder with following content.

deny from all

The problem with this solution is if the .htaccess file get deleted, cache folder become public again. Since it is cache folder, there is high chance it get deleted.

Another solution is to disable access from inside Apache Virtual Host configuration for the web site. This can be done by adding following code to Apache VirtualHost entry for the web site.

    <Directory /path/to/folder/>
        Order Deny,allow
        Deny from all
    </Directory>

Example VirtualHost Configuration

<VirtualHost *:80>
    ServerAdmin admin@hostonnet.com
    DocumentRoot /var/www/html
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
    <Directory "/var/www/html">
        Options All
        AllowOverride All
        Require all granted
        Order allow,deny
        allow from all
    </Directory>
    <Directory /var/www/html/cache/>
        Order Deny,allow
        Deny from all
    </Directory>
</VirtualHost>

See Apache, htaccess


Posted in Linux