Protecting Certain Files And Folders From View Within A Public Folder

Today I've been struggling with this for a while. What I am trying to accomplish is that I need to block all users from acessing a certain php files and images and more things (the

Solution 1:

Protecting only certain files and folders

1st solution

Next example shows how to protect two .php files, two folders and two .jpg images. Everything else should remain accessible.

Create an .htaccess file and place it within the folder there the protected assets are

# .htaccess
<FilesMatch ^((001|002)\.php$|folder-001|folder-002|(image-001|image-002)\.jpg)$>
    AuthUserFile /absolute-path-to-the-password-file/.htpasswd
    AuthName "Private Area"
    AuthType Basic
    Require valid-user
</FilesMatch>

Then create an encrypted password - use this site htpasswd generator

Create an .htpasswd and place it outside of your public_html folder. It contains an username and password generated from the service mentioned above.

# .htpasswdusername:j9mKJ6TCrsbSk

As you can see, the files above will be password protected

2nd solution

You may use the next solution as well

# .htaccess
<FilesMatch ^((001|002)\.php$|folder-001|folder-002|(image-001|image-002)\.jpg)$>
    Deny from all
</FilesMatch>

This solution doesn't need the .htpasswd part but files listed in FilesMatch directive will be inaccessible for anyone.

---

Tested on Debian 7 / Apache 2