How to avoid apache allow download certain files?
Clash Royale CLAN TAG#URR8PPP
up vote
2
down vote
favorite
How to avoid apache allow download certain files? (for example .py and .sh)
I want to avoid files to be served and downloaded like
www.site.com/file.sh
www.site.com/file.py
but I've tried to do this
<Files ~ "^.sh">
Order deny,allow
deny from all
</Files>
<Files ~ "^.py">
Order deny,allow
deny from all
</Files>
also this
<FilesMatch ".(sh|py)$">
Order deny,allow
deny from all
</FilesMatch>
Nothings seems to work, I've tried to put the file in
/etc/apache2/apache2.conf
also
/etc/apache2/sites-available/default
Nothing works, apache still let me download the files.
permissions security apache-httpd
add a comment |Â
up vote
2
down vote
favorite
How to avoid apache allow download certain files? (for example .py and .sh)
I want to avoid files to be served and downloaded like
www.site.com/file.sh
www.site.com/file.py
but I've tried to do this
<Files ~ "^.sh">
Order deny,allow
deny from all
</Files>
<Files ~ "^.py">
Order deny,allow
deny from all
</Files>
also this
<FilesMatch ".(sh|py)$">
Order deny,allow
deny from all
</FilesMatch>
Nothings seems to work, I've tried to put the file in
/etc/apache2/apache2.conf
also
/etc/apache2/sites-available/default
Nothing works, apache still let me download the files.
permissions security apache-httpd
Of course, this just means someone will simply rename the files with a.txt
extension.
â Andrew Henle
Aug 15 at 15:27
add a comment |Â
up vote
2
down vote
favorite
up vote
2
down vote
favorite
How to avoid apache allow download certain files? (for example .py and .sh)
I want to avoid files to be served and downloaded like
www.site.com/file.sh
www.site.com/file.py
but I've tried to do this
<Files ~ "^.sh">
Order deny,allow
deny from all
</Files>
<Files ~ "^.py">
Order deny,allow
deny from all
</Files>
also this
<FilesMatch ".(sh|py)$">
Order deny,allow
deny from all
</FilesMatch>
Nothings seems to work, I've tried to put the file in
/etc/apache2/apache2.conf
also
/etc/apache2/sites-available/default
Nothing works, apache still let me download the files.
permissions security apache-httpd
How to avoid apache allow download certain files? (for example .py and .sh)
I want to avoid files to be served and downloaded like
www.site.com/file.sh
www.site.com/file.py
but I've tried to do this
<Files ~ "^.sh">
Order deny,allow
deny from all
</Files>
<Files ~ "^.py">
Order deny,allow
deny from all
</Files>
also this
<FilesMatch ".(sh|py)$">
Order deny,allow
deny from all
</FilesMatch>
Nothings seems to work, I've tried to put the file in
/etc/apache2/apache2.conf
also
/etc/apache2/sites-available/default
Nothing works, apache still let me download the files.
permissions security apache-httpd
permissions security apache-httpd
edited Aug 22 at 14:42
asked Aug 8 at 17:48
Hernán Eche
666
666
Of course, this just means someone will simply rename the files with a.txt
extension.
â Andrew Henle
Aug 15 at 15:27
add a comment |Â
Of course, this just means someone will simply rename the files with a.txt
extension.
â Andrew Henle
Aug 15 at 15:27
Of course, this just means someone will simply rename the files with a
.txt
extension.â Andrew Henle
Aug 15 at 15:27
Of course, this just means someone will simply rename the files with a
.txt
extension.â Andrew Henle
Aug 15 at 15:27
add a comment |Â
1 Answer
1
active
oldest
votes
up vote
5
down vote
accepted
Your file match clauses seem to be incorrect.
<Files ~ "^.py">
will match files whose names will start with characters .py
. You'll want
<Files ~ ".py$">
instead.
But your FilesMatch
regular expression looks correct. So maybe the problem lies elsewhere. Perhaps your Apache uses the new-style access control directives only?
Try replacing the old-style
Order deny,allow
deny from all
with the new-style equivalent:
Require all denied
Done!, the <Files> fix, fixed the issue, in /etc/apache2/apache2.conf
â Hernán Eche
Aug 15 at 20:13
FilesMatch doesn't seem to work in this apache v 2.2
â Hernán Eche
Aug 15 at 20:16
add a comment |Â
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
5
down vote
accepted
Your file match clauses seem to be incorrect.
<Files ~ "^.py">
will match files whose names will start with characters .py
. You'll want
<Files ~ ".py$">
instead.
But your FilesMatch
regular expression looks correct. So maybe the problem lies elsewhere. Perhaps your Apache uses the new-style access control directives only?
Try replacing the old-style
Order deny,allow
deny from all
with the new-style equivalent:
Require all denied
Done!, the <Files> fix, fixed the issue, in /etc/apache2/apache2.conf
â Hernán Eche
Aug 15 at 20:13
FilesMatch doesn't seem to work in this apache v 2.2
â Hernán Eche
Aug 15 at 20:16
add a comment |Â
up vote
5
down vote
accepted
Your file match clauses seem to be incorrect.
<Files ~ "^.py">
will match files whose names will start with characters .py
. You'll want
<Files ~ ".py$">
instead.
But your FilesMatch
regular expression looks correct. So maybe the problem lies elsewhere. Perhaps your Apache uses the new-style access control directives only?
Try replacing the old-style
Order deny,allow
deny from all
with the new-style equivalent:
Require all denied
Done!, the <Files> fix, fixed the issue, in /etc/apache2/apache2.conf
â Hernán Eche
Aug 15 at 20:13
FilesMatch doesn't seem to work in this apache v 2.2
â Hernán Eche
Aug 15 at 20:16
add a comment |Â
up vote
5
down vote
accepted
up vote
5
down vote
accepted
Your file match clauses seem to be incorrect.
<Files ~ "^.py">
will match files whose names will start with characters .py
. You'll want
<Files ~ ".py$">
instead.
But your FilesMatch
regular expression looks correct. So maybe the problem lies elsewhere. Perhaps your Apache uses the new-style access control directives only?
Try replacing the old-style
Order deny,allow
deny from all
with the new-style equivalent:
Require all denied
Your file match clauses seem to be incorrect.
<Files ~ "^.py">
will match files whose names will start with characters .py
. You'll want
<Files ~ ".py$">
instead.
But your FilesMatch
regular expression looks correct. So maybe the problem lies elsewhere. Perhaps your Apache uses the new-style access control directives only?
Try replacing the old-style
Order deny,allow
deny from all
with the new-style equivalent:
Require all denied
answered Aug 15 at 18:46
telcoM
11.4k11333
11.4k11333
Done!, the <Files> fix, fixed the issue, in /etc/apache2/apache2.conf
â Hernán Eche
Aug 15 at 20:13
FilesMatch doesn't seem to work in this apache v 2.2
â Hernán Eche
Aug 15 at 20:16
add a comment |Â
Done!, the <Files> fix, fixed the issue, in /etc/apache2/apache2.conf
â Hernán Eche
Aug 15 at 20:13
FilesMatch doesn't seem to work in this apache v 2.2
â Hernán Eche
Aug 15 at 20:16
Done!, the <Files> fix, fixed the issue, in /etc/apache2/apache2.conf
â Hernán Eche
Aug 15 at 20:13
Done!, the <Files> fix, fixed the issue, in /etc/apache2/apache2.conf
â Hernán Eche
Aug 15 at 20:13
FilesMatch doesn't seem to work in this apache v 2.2
â Hernán Eche
Aug 15 at 20:16
FilesMatch doesn't seem to work in this apache v 2.2
â Hernán Eche
Aug 15 at 20:16
add a comment |Â
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f461330%2fhow-to-avoid-apache-allow-download-certain-files%23new-answer', 'question_page');
);
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Of course, this just means someone will simply rename the files with a
.txt
extension.â Andrew Henle
Aug 15 at 15:27