Deny access to all folders except a few ones using htaccess

Question

My webproject is stored into /var/www/vhosts/domain.tld/httpdocs/

HTACCES-file that I will list below contains the following:

# Refuse direct access to all files
Order deny,allow
Deny from all
Allow from 127.0.0.1

<Directory /uploads/images/pages>
    Order Deny,Allow
    Allow from all
</Directory>

.htaccess file is stored into the folder files under the root. So the full path is: /var/www/vhosts/domain.tld/httpdocs/files/

Contents for the folder "files":

backups
    backup1.zip
    backup2.zip
    ...
mails
    mail1.html
    mail2.html
    ...
templates
    temlpate.html
    ...
uploads
    files
        manual.pdf
        ...
    images
        pages
            picture1.png
            picture2.jpg
            ...
        store
            picture1.png
            picture2.jpg
            ...
.htaccess <--- previous code block with htaccess code is for that file

What I'm actually trying to do, is to protect every folder from direct access, except the following:

• uploads/files/
• uploads/images/pages/
• uploads/images/store/

Every file in these folders may be accessed directly

On using .htaccess as described above I'm getting 500 error page. When using only first 4 rows from example (no exceptions) the code works just fine.

Answer 1

You are getting a 500 error because the <Directory> container cannot be used in an htaccess file (which is essentially all inside a directory container for the directory that it's in). What you need to do is remove the <Directory> container from your htaccess file, and leave the Deny from all bit:

htaccess file in your document root:

# Refuse direct access to all files
Order deny,allow
Deny from all
Allow from 127.0.0.1

Then create an htaccess file in the uploads/files/, uploads/images/pages/ and uploads/images/store/ (and whatever other directories that you want to allow access to):

Allow from all