Access to One File in Locked Directory

It's possible to lock a directory so no browser or internet robot can access any files in it.

It's a wonderful place for logs and other files with content that's nobody's business but yours. Just because it's locked to internet access, however, doesn't mean it's locked to software running on your server.

Here is the one line to put into the .htaccess file located in the directory to be locked.

Deny from all

The above is explained in the Effective Block for Browsers and Bots Willmaster Library article.

This article describes how to permit access to a specific page within that otherwise-locked directory.

It might be access to a log file you're temporarily granting access to. Or a sales page. Perhaps a page describing why they can't access anything else in the directory.

Whatever your reason might be, access can be granted to a specific page with the following lines in the locked directory's .htaccess file.

SetEnvIf REQUEST_URI /page.php$ let_me_in=1
Order Deny,Allow
Deny from all
Allow from env=let_me_in

Replace page.php with the file name of the page to grant public access to.

The let_me_in label may be changed if you prefer a different label. Just make certain all instances of let_me_in are changed the same way.

When the lines are published in the .htaccess file located in the otherwise-locked directory, browser and robot access to the specified file is permitted without granting access to anything else.

There is a way to grant access to more than one specific file.

To do that, repeat the first line of the .htaccess code provided above for each file to grant access to. That would be repeating the SetEnvIf… line. Here is the .htaccess code that grants access to three files.

SetEnvIf REQUEST_URI /a-page.php$ let_me_in=1
SetEnvIf REQUEST_URI /another-page.php$ let_me_in=1
SetEnvIf REQUEST_URI /a-third-page.php$ let_me_in=1
Order Deny,Allow
Deny from all
Allow from env=let_me_in

The above grants internet access to a-page.php, another-page.php, and a-third-page.php.

Add and remove the SetEnvIf… lines as appropriate for your intent.

Locked directories do come in so very handy for confidential files that nevertheless need to be on the server, such as log files that continually get updated. It is also a good temporary location for backup files server software makes for you.

Unless specific access is granted, no locked-directory file can be accessed by internet robot or browser. You now know how to grant that specific access as necessary.

(This article first appeared in Possibilities newsletter.)

Will Bontrager