Prevent access to files in a certain folder

Just add a .htaccess file with the code Deny from all to the folder.

More info at http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html


  1. Create .htaccess file inside the desired folder with the following contents:

    Deny from all

  2. Edit apache2.conf or httpd.conf, whatever you find in Apache2 directory (probably located in /etc/apache2). You'll need to edit/check the following:

    AllowOverride ALL (in the related <Directory> tag)

    AccessFileName .htaccess

  3. Edit your site's configuration file only in case you have a <Directory> tag specified inside it and add the following line:

    AllowOverride ALL

  4. Restart your Apache2 server

    service apache2 restart

The above steps are all meant for Linux environments. The same instructions would work well for Windows environments except for the paths and the server restart command.

Reference: http://www.cyberciti.biz/faq/apache-htaccess/


Add this to the .htaccess file:

order deny,allow
deny from all

Apache 2.4 now uses a different way to do this so the method that works for Apache 2.2 will not work. See below for the method that will work for Apache 2.4. Place this in your Apache .htaccess file or better yet in a <Directory> directive in the Apache .conf file for your site.

Using .htaccess:

If using Apache 2.2:

order deny,allow
deny from all

If using Apache 2.4 use:

Require all denied

Using Apache Configuration files:

Instead of using a .htaccess file, it is usually preferred to place the configuration directly in your Apache .conf file as follows:

<Directory "/var/www/mysite">
    Require all denied
</Directory>

Or if using a virtual host:

<VirtualHost *:80>
    ### Other configuration here ###
    <Directory "/var/www/mysite">
        Require all denied
    </Directory>
    ### Other configuration here ###
</VirtualHost>

Of course the above configurations are examples, and you will need to adjust according to your requirements.