I have this .htaccess file in which I forbid users to physically access files from the browser (where they should only be downloaded through the system)
Options -Indexes
Order deny,allow
deny from all
I have one problem, although sometimes I upload files through AJAX, and there I get 403 Forbidden. I have little experience with apache mod_access. I read the directive in the directive , since all my AJAX-based files are in the same directory as ajax.
But I need to refuse access to all directories except those called ajax, and I lack regular expression skills.
An example directory structure is as follows.
plugins/inventory/ajax
plugins/inventory/controller
plugins/inventory/view
plugins/packages/ajax
plugins/packages/controller
plugins/packages/view
The .htaccess file is located in the plugins directory.