InMotion Hosting Support Center

For security reasons, many users like to protect directories from intrusion. This prevents people from injecting php or other malicious code or scripts into the directories. However, locking down a directory entirely may prevent access to specific tile types you do wish people to view, such as images. The instructions below will explain how to lock down a directory from access while still allowing any file of a given type to be accessed by setting up code in your .htaccess file.

How to allow access to certain file types for protected directories via htaccess

  1. Log into your cPanel cPanel dashboard.
  2. From the main cPanel page, use the File Manager to access the root folder of your domain. Be sure you have the Show Hidden Files (dotfiles) option selected as we will be editing the .htaccess file.
  3. Now that you are in the root folder for the directory, find the folder you wish to protect and click it to enter that directory.
  4. Once inside the folder you want to protect, check to see if there is an existing . .htaccess file. If not, you will need to create a new one by clicking the New File button in the upper toolbar and naming it .htaccess (be sure to place the . at the front!). Once you find or create the .htaccess file, open the file for editing.
  5. Now that you are in the editor, we will set the directory to be very secure, denying access for all file types. Below is the code you want to insert into the .htaccess file.
    Order Allow,Deny
    Deny from all
  6. Since we have now set the security, we now want to allow access to our desired file types. To do that, add the code below to the .htaccess file under the security code you just inserted.
    <FilesMatch "\.(jpg|gif|png)$">
    Order Deny,Allow
        Allow from all
    The first line of code is the one you will need to modify to add or change the file types you wish to allow. Our example allows image types that end with file extensions jpg, gif, or png) You can replace those or add to them to allow more. Be sure to include the pipe character,|, between the file types.
  7. After you enter the code for the file types you wish to allow access to, click the Save Changes button to activate the code.
Was this article helpful?

Related Questions

Here are a few questions related to this article that our customers have asked:
Ooops! It looks like there are no questions about this page.
Would you like to ask a question about this page? If so, click the button below!
Ask a Question

Forum Login

You are NOT logged in. You can still browse our Support Center.

To participate within our Community Support Forum:

n/a Points
2017-02-27 10:52 pm

Code not working!

13,821 Points
2017-02-28 9:18 am
It works for us as expected. IF you're not hosted with us you may need to reach out to your host.
n/a Points
2016-06-10 7:29 am

Hi i wrote code to allow .sql file in .htaccess file in last row

<FilesMatch "\.(sql)$">Order Deny,Allow    Allow from all</FilesMatch>


but still i am getting the 403 forbidden error in my site


pls help me out how to over come from this 

42,829 Points
2016-06-10 11:49 am
Hello Venky4c6,

That won't work, as the SQL files are not allowed across HTTP (nor would it be read).

If you have any further questions, please let us know.

Kindest regards,
Arnel C.

Post a Comment

Email Address:
Phone Number:

Please note: Your name and comment will be displayed, but we will not show your email address.

4 Questions & Comments

Post a comment

Back to first comment | top

Need more Help?


Ask the Community!

Get help with your questions from our community of like-minded hosting users and InMotion Hosting Staff.

Current Customers

Chat: Click to Chat Now E-mail:
Call: 888-321-HOST (4678) Ticket: Submit a Support Ticket

Not a Customer?

Get web hosting from a company that is here to help. Sign up today!