Restricting Access to Directories / htaccess help please

**scarpariso** · 08-22-2008, 09:47 AM

Hello, I've recently put htaccess on the /images directory of my site which has consequently made my site spaz out as there are images from that directory displayed on the site. Is removing htaccess possible? I want to put it as it was before i put that restriction on.

Also, as htaccess doesn't appear to do what i thought, how do i restrict access to directories yet still be able to link material from them? Like if the /images folder had images in which i wanted everyone to see on my site but if they went to http://example.com/images they wouldn't be allowed.

Also, is there a way to do this for everything else? I'm using wordpress and it seems anybody can look though my web statistics and admin panel and current versions of plugins etc, so that isn't too wonderful.
Any help is appreciated

**Kevin** · 08-22-2008, 01:39 PM

People shouldn't be able to access your wordpress admin panel unless they are logged in and set as an administrator. That shouldn't be a problem unless your wordpress has been compromised.

You can't see files starting with a . before them as Linux considered them "hidden" The solution is to set your FTP client to "show hidden files" or you can enter the "images" directory and if you can use the client to run a custom command, you can type "dele .htaccess" to remove it.

If you just want to hide the directory listings and not deny access to the files, put this in the .htaccess:

Code:

Options -Indexes

If you want to use password protection in certain paths, see this tutorial:

https://support.steadfast.net/index....eid=23&nav=0,1

**scarpariso** · 08-23-2008, 11:23 AM

Thanks for the reply Kevin, I made the htaccess file and everything is fine now.

Just wondering, i've tried using mod_rewrite to prevent hotlinking but it doesn't seem to work. Do the servers allow this command?

**Kevin** · 08-25-2008, 02:12 PM

It should allow you to do hotlinking protection using mod_rewrite. Some of the guides I've found have errors in the rules they suggest though. If you want to paste the code you're trying to use someone might be able to spot an issue.

**scarpariso** · 08-26-2008, 08:58 AM

This is my .htaccess file as it looks now

Code:

Options -Indexes
Options +FollowSymlinks
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?mysite.com [NC]
RewriteRule \.(jpg|jpeg|png|gif|js|css|mp3)$ - [NC,F,L]
ErrorDocument 400 /errors/badrequest.html
ErrorDocument 401 /errors/authreqd.html
ErrorDocument 403 /errors/forbid.html
ErrorDocument 404 /errors/notfound.html
ErrorDocument 405 /errors/methnotallowed.html
ErrorDocument 500 /errors/serverr.html
ErrorDocument 501 /errors/methnotimp.html

I've tried this without

Code:

Options +FollowSymlinks

too but both failed. I've also tried limiting the number of file extensions listed and different versions from different sites.

It's probably something very simple but I don't know what i'm talking about