I have a project with ngix as reverse proxy-server and Apache, i'm trying to restrict access to the files contained in a specific folder only to the server ifself. So this is an example:
domain: mysite.test
server ip: 100.100.1.1
hide folder path: /var/www/vhosts/mysite.test/httpdocs/foldertohide
hidden file https://mysite.test/foldertohide/img1234.png
This what i put inside additional https and https directive of Apache:
<Directory "/var/www/vhosts/mysite.test/httpdocs/foldertohide">
Order deny,allow
Deny from all
Allow from 100.100.1.1
</Directory>
At this point I shouldn't be able to reach the URL for the hidden file, but if I enter it into the browser instead of a 403 error i see the image. I have used the same directives in others old projects, why they not work anymore ?
Allow
,Deny
, andOrder
directives, provided by mod_access_compat, are deprecated and will go away in a future version. You should avoid using them, and avoid outdated tutorials recommending their use."