For security reasons, many users like to protect directories from intrusion. This prevents people from injecting php or other malicious code or scripts into the directories. However, locking down a directory entirely may prevent access to specific tile types you do wish people to view, such as images. The instructions below will explain how to lock down a directory from access while still allowing any file of a given type to be accessed by setting up code in your .htaccess file.

How to allow access to certain file types for protected directories via htaccess

  1. Log into your cPanel cPanel dashboard.
  2. From the main cPanel page, use the File Manager to access the root folder of your domain. Be sure you have the Show Hidden Files (dotfiles) option selected as we will be editing the .htaccess file.
  3. Now that you are in the root folder for the directory, find the folder you wish to protect and click it to enter that directory.
  4. Once inside the folder you want to protect, check to see if there is an existing . .htaccess file. If not, you will need to create a new one by clicking the New File button in the upper toolbar and naming it .htaccess (be sure to place the . at the front!). Once you find or create the .htaccess file, open the file for editing.
  5. Now that you are in the editor, we will set the directory to be very secure, denying access for all file types. Below is the code you want to insert into the .htaccess file.
    Order Allow,Deny
    Deny from all
  6. Since we have now set the security, we now want to allow access to our desired file types. To do that, add the code below to the .htaccess file under the security code you just inserted.
    <FilesMatch "\.(jpg|gif|png)$">
    Order Deny,Allow
        Allow from all
    </FilesMatch>
    The first line of code is the one you will need to modify to add or change the file types you wish to allow. Our example allows image types that end with file extensions jpg, gif, or png) You can replace those or add to them to allow more. Be sure to include the pipe character,|, between the file types.
  7. After you enter the code for the file types you wish to allow access to, click the Save Changes button to activate the code.
Did you find this article helpful?

We value your feedback!

Why was this article not helpful? (Check all that apply)
The article is too difficult or too technical to follow.
There is a step or detail missing from the instructions.
The information is incorrect or out-of-date.
It does not resolve the question/problem I have.
How did you find this article?
Please tell us how we can improve our Support Center:
Email Address
Optional, but our team may contact you for more information.
Like this Article?

Post a Comment

Name:
Email Address:
Comment:
Are you a bot?
Submit

Please note: Your name and comment will be displayed, but we will not show your email address.

Write New!
Do you want to publish a tutorial to our support center?

News / Announcements

SSL Certficate Warnings
Updated 2014-04-14 11:34 am EST
Hits: 2172
Heartbleed 0-day OpenSSL security bug
Updated 2014-04-14 04:43 pm EST
Hits: 5567

Related Questions

Here are a few questions related to this article that our customers have asked:
Ooops! It looks like there are no questions about this page.
Would you like to ask a question about this page? If so, click the button below!
Ask a Question

Need more Help?

Search

Ask the Community!

Get help with your questions from our community of like-minded hosting users and InMotion Hosting Staff.

Current Customers

Chat: Click to Chat Now E-mail: support@InMotionHosting.com
Call: 888-321-HOST (4678) Ticket: Submit a Support Ticket

Not a Customer?

Get web hosting from a company that is here to help. Sign up today!