Htaccess help for denying all request except from one page

Website URL :

newbie in php language here and was woundering if there is a way to prevent access to a vital folder of my website from all except a certain php page . and if there is a way to do so can i just access the folders content via directory path/to/secret/folder or i have to request the data in some other way from the page (that i want to be only way to access said folder)
any detailed information about the website would be the folder i like to lock is inside htdocs (public folder) the content inside the folder i want locked is images
any help would be welcome

thanks in advance

Using or editing .htaccess. I hope this could help you


Thank you very much .
I will check it out right now

so here is the piece of code i want to use or at least semilar

RewriteEngine on
RewriteCond %{HTTP_REFERER} [NC,OR]
RewriteCond %{HTTP_REFERER}
RewriteRule .* - [F]

however i want to use it like so

RewriteEngine on
RewriteCond %{HTTP_REFERER} ! steht zum Verkauf - Sedo GmbH [NC,OR]
RewriteRule .* - [F]

so i can deny access to said folder except by the php that i want is this even possible or should i give up on trying to fix it with htaccess

Make .htaccess file inside your restricted folder.
Its code:

Order allow,deny
Deny From All
<FilesMatch "^processing\.php$">
Allow From All

does not work
thanks for trying to help

It’s weird. I already try it myself.

Check this:
I created a folder test on my subdomain.
After that, I created 4 files inside it: .htaccess, index.php, page.php, & allow.php.
I configured that .htaccess file so people only can access allow.php file on that folder.
If someone access except allow.php file, they will be redirected to forbidden page. (you can access this page) (you can’t access this page & the rest inside that folder)

Its .htaccess code is same:

Order allow,deny
Deny From All
<FilesMatch "^allow\.php$">
Allow From All

Only changed processing.php to allow.php accord to my files structure.


alright man i think i should be more clear in my question sorry for that
i have a folder which contains 4 subfolders each containing images
i want access to this folder its subfolders and files(images) denied to all except coming from a file.php so .htaccess goes inside main restriced folder .
and the .htaccess >>>path to >>> file.php would be “…/inc/file.php”
if this would be possible i wont have to use script and have to use less hits per user

so all of this could be as easy as placing the files out side of htdocs(out side of public folder)
which in infinityfree is not allowed ?

As far as I understand,this is an example for what you want:
I created 4 folders inside my previous test folder: one, two, three, four, & inc
& inside inc folder I created file.php file.

I changed my .htaccess file code to:

RewriteEngine On
RewriteRule ^inc/file\.php - [L]
RewriteRule ^allow\.php - [L]
RewriteRule ^ - [L,F]

So there are 2 allowed files to access: (this is an example for your file?) (you can remove this on that code)


still does not work man
it denies access to the images but it denies it coming from file.php too
hence it wont echo out the images

I still don’t understand what you want.

So,you mean you want to forbid access to the images, but still want to view them on file.php file (for example by using <img> html tag)?
No code can do it. You can choose one choice, man. :smile:

Once you forbid access to public,then public can’t access it.
Even if you can allow file.php to access the images, but in the end you or some people that access file.php are public. The images won’t be generated.

But you can make certain people to access them, for example your IP or/and your hosting IP (file.php).

so your hosting ip(file.php) if this is possible this would do it , wouldnt it ?
the filephp would be public but the images priavte and visitors request filephp which requests images , would that be possible

I found this one, hope this could help you:

<FilesMatch ".(htaccess|htpasswd|ini|phps|fla|psd|log|sh)$">

Order Allow,Deny

Deny from all

Allow from

Change the into your ip address
Add a directory or folder or file inside the FilesMatch, like you see above.

Hello katufo
thanks again for the replay.
With my little knowledge i think this prevents access from certain files except requested by the given ip.
If this is the case iam afraid it will not do because in the end diffrent people will request thier images from diffrent ips and should get them (the purpose of the site)
What i specificaly want is for the folder or files inside that folder which will be jpg, jpeg or both to be inaccessable throu out typing thier mysite/path/file.jpg
But also user can only access them when requested by file.php .
Sorry if my explaining is not all that good

That’s still impossible.
I mean if you want to make only certain people to access your files, you can do it by using .htaccess, such as @katufo posted above.
But that won’t make what you want.

Even if file.php is allowed to access your images,the public still can’t view your images because their images request (by browser) are your original images URL.
This is its diagram:


But after I tried (trial&error),I can make the images viewable using .htaccess+PHP.

Continue from my post above:

For example I uploaded img1.jpg & img2.jpg inside folder one.
The code inside file.php is something like this:

$img1 = '../one/img1.jpg';
$img2 = '../one/img2.jpg';
$img1Data = base64_encode(file_get_contents($img1));
$img2Data = base64_encode(file_get_contents($img2));
echo '<img src="data:image/jpeg;base64,'.$img1Data.'" alt="img1" />';
echo '<img src="data:image/jpeg;base64,'.$img2Data.'" alt="img2" />';

But the burden for the server becomes a bit heavy because of file_get_contents function.
Moreover if you will generate many images.

P.S. for moderator:
I think this thread must be moved to other Category.


you my friend are a life saver this is what i was looking for.
i have been surfing the web for a while now and posting on multiple forums
thanks for keeping up with a newbies question

1 Like

Since this topic is related to development, and Development support merged into previous hosting support, so it isn’t really necessary.

1 Like

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.