Recipe 6.22 Protecting All Files Except a Subset

Problem

You want to deny all web access to files in a directory, except for those with a particular extension (i.e., a directory with HTML files in it, where you don't want other files to be accessible).

Solution

Use a Files container in a Directory container to limit where authentication is required:

<Directory "/usr/local/apache/htdocs">
    Satisfy All
    Order allow,deny
    Deny from all
    <Files *.html>
        Order deny,allow
        Allow from all
        Satisfy Any
    </Files>
</Directory>

Discussion

This method can be easily extended to apply to arbitrary filename patterns using shell global characters. To extend it to use regular expressions for the filename, use the <FilesMatch> directive instead.

See Also

• http://httpd.apache.org/docs/mod/mod_access.html