Allow access to specific file types in a protected directory

For security reasons, many users like to protect directories from intrusion. This prevents people from injecting php or other malicious code or scripts into the directories. However, locking down a directory entirely may prevent access to specific tile types you do wish people to view, such as images. The instructions below will explain how to lock down a directory from access while still allowing any file of a given type to be accessed by setting up code in your .htaccess file.

How to allow access to certain file types for protected directories via htaccess

Log into your cPanel cPanel dashboard.
From the main cPanel page, use the File Manager to access the root folder of your domain. Be sure you have the Show Hidden Files (dotfiles) option selected as we will be editing the .htaccess file.
Now that you are in the root folder for the directory, find the folder you wish to protect and click it to enter that directory.
Once inside the folder you want to protect, check to see if there is an existing . .htaccess file. If not, you will need to create a new one by clicking the New File button in the upper toolbar and naming it .htaccess (be sure to place the . at the front!). Once you find or create the .htaccess file, open the file for editing.
Now that you are in the editor, we will set the directory to be very secure, denying access for all file types. Below is the code you want to insert into the .htaccess file.

Order Allow,Deny
Deny from all
Since we have now set the security, we now want to allow access to our desired file types. To do that, add the code below to the .htaccess file under the security code you just inserted.

<FilesMatch "\.(jpg|gif|png)$">
Order Deny,Allow
Allow from all
</FilesMatch>
The first line of code is the one you will need to modify to add or change the file types you wish to allow. Our example allows image types that end with file extensions jpg, gif, or png) You can replace those or add to them to allow more. Be sure to include the pipe character,|, between the file types.
After you enter the code for the file types you wish to allow access to, click the Save Changes button to activate the code.

Was this article helpful?

News / Announcements

Forum Login

You are NOT logged in. You can still browse our Support Center.

To participate within our Community Support Forum:

Recent Articles

InMotion Hosting

InMotionFans

n/a Points

2017-02-27 10:52 pm

Code not working!

13,821 Points

2017-02-28 9:18 am

It works for us as expected. IF you're not hosted with us you may need to reach out to your host.

InMotionFans

n/a Points

2016-06-10 7:29 am

Hi i wrote code to allow .sql file in .htaccess file in last row

<FilesMatch "\.(sql)$">Order Deny,Allow Allow from all</FilesMatch>

but still i am getting the 403 forbidden error in my site

pls help me out how to over come from this

Staff

42,829 Points

2016-06-10 11:49 am

Hello Venky4c6,

That won't work, as the SQL files are not allowed across HTTP (nor would it be read).

If you have any further questions, please let us know.

Kindest regards,
Arnel C.

Name:
Email Address:
Phone Number:
Comment:

Submit	Please note: Your name and comment will be displayed, but we will not show your email address.

4 Questions & Comments

Search

Ask the Community!

Get help with your questions from our community of like-minded hosting users and InMotion Hosting Staff.

Current Customers

Chat:	Click to Chat Now	E-mail:	support@InMotionHosting.com
Call:	888-321-HOST (4678)	Ticket:	Submit a Support Ticket

Not a Customer?

Get web hosting from a company that is here to help. Sign up today!