Block Internet Access to a File

TL;DR

You can block internet access to a file by using your firewall or web server configuration. This guide shows you how to do it with common tools.

Steps

1. Understand the Problem: When someone tries to access a file directly over the internet, they’re usually making an HTTP/HTTPS request to your web server. We need to prevent that request from reaching the file.
2. Using Your Firewall (Recommended): Firewalls are the best way to block unwanted traffic. Most operating systems have built-in firewalls.
   • Windows Firewall:
     1. Open “Windows Defender Firewall with Advanced Security”.
     2. Click “Inbound Rules” on the left.
     3. Click “New Rule…” on the right.
     4. Select “Port” and click “Next”.
     5. Specify TCP port 80 (HTTP) and/or 443 (HTTPS). Click “Next”.
     6. Select “Block the connection” and click “Next”.
     7. Choose when this rule applies (Domain, Private, Public networks). Click “Next”.
     8. Give the rule a descriptive name (e.g., “Block HTTP Access”) and click “Finish”. Repeat for port 443 if needed.
   • Linux Firewall (iptables/firewalld): The commands vary depending on your distribution.

     sudo iptables -A INPUT -p tcp --dport 80 -j DROP

     sudo iptables -A INPUT -p tcp --dport 443 -j DROP

     (These commands block incoming HTTP and HTTPS traffic. You’ll need to save the rules for them to persist after a reboot.)

3. Using Your Web Server Configuration (Apache, Nginx): If you can’t use your firewall, configure your web server.
   • Apache (.htaccess file): Create or edit the .htaccess file in the directory containing the file you want to block.

     <Files filename.ext>
     Require all denied
     

     Replace filename.ext with the actual name of your file.

   • Nginx (server block configuration): Edit your Nginx server block configuration file.

     location /path/to/file {
         deny all;
     }

     Replace /path/to/file with the correct path to the file. You’ll need to reload Nginx after making changes:

     sudo nginx -t # Test configuration
     sudo systemctl reload nginx

4. Verify the Block: Try accessing the file from a different computer or network. You should receive an error message (e.g., “Connection refused”, “403 Forbidden”). Use a tool like curl to test.

   curl http://yourserver/path/to/file

5. Important Considerations:
   • HTTPS: If your website uses HTTPS, make sure you block port 443 as well.
   • Caching: Clear any browser or server-side caches after making changes to ensure the new rules are applied correctly.
   • Security Best Practices: Blocking access at the firewall level is generally more secure than relying solely on web server configuration.