Hey guys,
Does anyone here know how to trigger a 403 Forbidden error for a certain directory? Imagine I want to block:
/filesHow can I block access to that directory? I don’t want to use authentication, just completely block it (like .htaccess “Deny from all”).
Thanks for reading 
Remove read permissions from it: chmod -r files
But that prevents PHP from reading the files inside it, right? I need PHP to read some of the files inside that folder while blocking people from accessing it directly.
Imagine I have a db.sqlite file, I want to block direct access to that file while still allowing PHP to open it. Hope it’s more clear now
I managed to achieve a pretty hackish rewrite to rewrite all requests against /files to 403.html, but I was looking for a more proper solution.
Edit: Nevermind, I just found out I can trigger a “403 Forbidden”:
rewrite {
regexp ^/files
status 403
}
Thanks for the help
I don’t even think you need a regular expression:
status 403 /files
If people are doing that ^ frequently enough, we could make it a new directive. ext is already just a special case of rewrite because it’s very common and useful.
forbid <path>
or, for 404:
hide <path>
Like ext, these would be small middlewares. … Anyway, just a thought.
Or internal can support status codes instead. e.g. internal /files 403
This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.