Allow access to specific file types in a protected directory

For security reasons, many users like to protect directories from intrusion. This prevents people from injecting php or other malicious code or scripts into the directories. However, locking down a directory entirely may prevent access to specific tile types you do wish people to view, such as images. The instructions below will explain how to lock down a directory from access while still allowing any file of a given type to be accessed by setting up code in your .htaccess file.

How to allow access to certain file types for protected directories via htaccess

  1. Log into your cPanel cPanel dashboard.
  2. From the main cPanel page, use the File Manager to access the root folder of your domain. Be sure you have the Show Hidden Files (dotfiles) option selected as we will be editing the .htaccess file.
  3. Now that you are in the root folder for the directory, find the folder you wish to protect and click it to enter that directory.
  4. Once inside the folder you want to protect, check to see if there is an existing . .htaccess file. If not, you will need to create a new one by clicking the New File button in the upper toolbar and naming it .htaccess (be sure to place the . at the front!). Once you find or create the .htaccess file, open the file for editing.
  5. Now that you are in the editor, we will set the directory to be very secure, denying access for all file types. Below is the code you want to insert into the .htaccess file.Order Allow,Deny
    Deny from all
  6. Since we have now set the security, we now want to allow access to our desired file types. To do that, add the code below to the .htaccess file under the security code you just inserted.<FilesMatch ".(jpg|gif|png)$">
    Order Deny,Allow
        Allow from all

    The first line of code is the one you will need to modify to add or change the file types you wish to allow. Our example allows image types that end with file extensions jpg, gif, or png) You can replace those or add to them to allow more. Be sure to include the pipe character,|, between the file types.
  7. After you enter the code for the file types you wish to allow access to, click the Save Changes button to activate the code.

Thoughts on “Allow access to specific file types in a protected directory

  • Hi i wrote code to allow .sql file in .htaccess file in last row

    <FilesMatch “\.(sql)$”>
    Order Deny,Allow
        Allow from all


    but still i am getting the 403 forbidden error in my site


    pls help me out how to over come from this 

    • Hello Venky4c6,

      That won’t work, as the SQL files are not allowed across HTTP (nor would it be read).

      If you have any further questions, please let us know.

      Kindest regards,
      Arnel C.

Was this article helpful? Let us know!