Htaccess Deny Access to File Extension Example

Hi Dev,

In this short tutorial we will cover an htaccess deny access to file extension. let’s discuss about htaccess restrict access to file extension. This article will give you simple example of htaccess deny access to php files in uploads folder. step by step explain prevent direct access to php file htaccess. You just need to some step to done htaccess disable file extension access.

Sometime we are creating "uploads" directory and all files will store on that directory that user uploaded. so maybe someone upload some script then it can hack our website as well. so we can prevent this type of file extension access from url using .htaccess.

we can deny to access by file extension like php, rb, py etc. as like bellow.

let's see bellow solutions:

Example 1:

you can not access php, rb, py files inside that folder:

.htaccess

RewriteEngine On
  
RewriteRule ^uploads/.*\.(php|rb|py)$ - [F,L,NC]

you can not access following files:

/uploads/test.php
/uploads/demo.php
/uploads/test2.php

Example 2:

you can not access php, rb, py files inside that folder:

.htaccess

<FilesMatch "\.(?:inc|php|py|rb)$">
Order allow,deny
Deny from all
</FilesMatch>

you can not access following files:

/test.php
/uploads/demo.php
/uploads/test2.php

i hope it can help you...