I have a directory structure like the following for a website on Ubuntu 14.04, running apache 2.4.7:
/websites/mywebsite/index.htm
/websites/mywebsite/private.htm
/websites/myqwbsite/folder/privatefile.ext
/websites/mywebsite/folder/subfolder/publicfile.ext
In the Apache config for the site, I have
<Directory /websites/mywebsite/>
AllowOverride Limit
Require all granted
</Directory>
I want to use .htaccess files in the site folder such that the private.htm and privatefile.ext files are Require all denied but everything else is granted.
I tried the following two .htaccess files:
/websites/mywebsite/.htaccess:
<FilesMatch (private.*.htm)$>
Require all denied
</FilesMatch>
/websites/mywebsite/folder/.htaccess:
Require all denied
/websites/mywebsite/folder/subfolder/.htaccess:
Require all granted
However, apache gives a 500 - "Require not allowed here" for /websites/mywebsite/.htaccess
How can I make what I want happen with apache 2.4-compatible configuration (ie I do not want to load mod_access_compat and use the old style config)?
/websites/mywebsite/folder/subfolder/. All other .htaccess files were removed. Apache still claims "Require not allowed here", even though apache documentation explicitly says it is allowed there: httpd.apache.org/docs/current/mod/mod_authz_core.html#require