I'm using .htaccess to protect directories from access for the first time, and something is happening that I don't understand.
The change I made is very simple: I added the following .htaccess file to several subdirectories in my document root:
This should deny users access to all files in each directory, while allowing the server to have access.Code:<Files *> Deny from all </Files>
On one web site (production) this worked. On another (staging) it didn't. Every web page's images failed to appear.
I think I understand why the images fail to appear on the staging site: to the server a browser's request for an image looks just like a user's request for a page, and it denies both. Right?
If that's right, I baffled about why images continue appear on the production site. I thought they might be cached, but I cleared the cache and it seemed to make no difference.
I also wonder whether there's any way to do what I originally intended: deny the user direct access to a directory or file while continuing to allow an HTML page to reference it.
Reply With Quote
Bookmarks