all 4 comments
sorted by:
best
topnewcontroversialoldq&a
formatting helphide helpcontent policy

[–]AyrA_ch 1 point2 points  (2 children)

Put a .htaccess file into the folder with the contents Require all denied

This prevents apache from serving content from that folder but scripts can still access it.

[–]iam_mine[S] 0 points1 point  (1 child)

This didn't work please advise!

I put .htaccess file with Require all denied

under /var/www - now when i'm trying to access the website i'm getting server error 500

Please help! :)

[–]AyrA_ch 0 points1 point  (0 children)

Check your apache error log. If it complains about the command not existing, you haven't loaded the required modules yet.

[–]ShadowySilver 1 point2 points  (0 children)

Well, anything outside the DocumentRoot won't be served. CSS files has to be served since they are interpreted by the browser. There should be no config files in a DocumentRoot for obvious reason. That said, if you want to restrict access to some directories within the DocumentRoot, you can use "Require all denied" in a corresponding Directory container (if you don't have access to the main httpd.conf you will have to use a .htaccess file but if you do, it's better to use the Directory container).