How to trigger 403 Forbidden for certain directories?

Hey guys,

Does anyone here know how to trigger a 403 Forbidden error for a certain directory? Imagine I want to block:


How can I block access to that directory? I don’t want to use authentication, just completely block it (like .htaccess “Deny from all”).

Thanks for reading :slight_smile:

1 Like

Remove read permissions from it: chmod -r files

But that prevents PHP from reading the files inside it, right? I need PHP to read some of the files inside that folder while blocking people from accessing it directly.

Oh, so is this a PHP question?

(Did you look at the rewrite directive?)

Imagine I have a db.sqlite file, I want to block direct access to that file while still allowing PHP to open it. Hope it’s more clear now :slight_smile:

I managed to achieve a pretty hackish rewrite to rewrite all requests against /files to 403.html, but I was looking for a more proper solution.

Edit: Nevermind, I just found out I can trigger a “403 Forbidden”:

rewrite {
    regexp ^/files
    status 403

Thanks for the help :slight_smile:


I don’t even think you need a regular expression:

status 403 /files

If people are doing that ^ frequently enough, we could make it a new directive. ext is already just a special case of rewrite because it’s very common and useful.

forbid <path>

or, for 404:

hide <path>

Like ext, these would be small middlewares. … Anyway, just a thought.


Or internal can support status codes instead. e.g. internal /files 403

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.