Hello,
This is on a ubuntu 16.04 LTS system running apache 2.4.18 (mpm_event) with php
7.0 running in php-fpm mode.
I wish to completely block access to a directory in my document root except to
a set of ip addresses but it’s not working and I am trying to figure out what
is happening.
My .htaccess settings only seem to apply when only accessing the directory, but
not when I access a file IN that directory.
Is there a setting that allows access to files if explicitly referenced to in
the url?
Here are my tests:
Directory name: <documentroot>/opcache
.htaccess contents: “require all denied”
access to https://<myserver>/opcache is forbidden (OK!)
access to https”//<myserver>/opcache/test.php is allowed. (What?)
The same thing happens if I don’t use a .htaccess file but instead define a
<Directory> section in my apache config.
Why would this happen?
—jason
Jason Brooks Systems Administrator
eROI Performance is Art.
m: 505 nw couch #300 w: eroi.com <http://eroi.com/>
t: 503.290.3105 f: 503.228.4249
fb: fb.com/eROI <http://www.facebook.com/eROI>
