apache .htaccess directory-structure subdirectory

htaccess files with "deny from all" does it deny subdirectories as well?

If I have a directory structure like this:

- index.php
- public
    - img
    - css
- application
    - controllers
        - user
        - admin
    - models
    - views
    .htaccess

I'm using the index.php as my front controller so all MVC classes and files are included and don't require directory access.

In the .htaccess I have Deny from all inside it and it sits in the application directory. Does that effectively deny direct file access and directory listing to all the sub-directories under the application directory as well? Or do I need to put the .htaccess file inside each sub-directory as well?

Many thanks

Solution

Yes - .htaccess works for the whole tree inside the directory. To override it's rules you have to add the given rule in a subdir and then the new .htaccess will work for the whole tree inside that subdir.

apache and php in seperate containers on ubuntu
OCI8 working with the command line but not on apache
Name duplicates previous WSGI daemon definition
Certbot Apache error "Name duplicates previous WSGI daemon definition."
Apache: difference between "Header always set" and "Header set"?
Are PDF headers all the same regardless of version
httpd-xampp.conf: How to allow access to an external IP besides localhost?
Cannot connect to Oracle (oci8) with Apache (FPM). PHP 7.x CLI is OK
Apache HttpClient not executing third request
Docker PHP alpine can't configure Apache to use PHP
Installing oci8 on Centos 8 running Apache and php-fpm
htaccess mod_rewrite from old folder to new folder only if file exists in new folder
Install mod_wsgi on Ubuntu with Python 3.6, Apache 2.4, and Django 1.11
UTF-8 all the way through
Apache won't serve pages on my Raspberry Pi
Symfony 5.4 routes by annotations not working
CORS (cross origin resource sharing) using PHP
403 Forbidden when URL contains GET with encoded question mark / UnsafeAllow3F / rawurlencode
How do you increase the apache fastCGI timeout on MAMP / MAMP Pro?
Apache: how to hide server version and operation system from users?
xampp is not showing .php files saved in htdocs folder
Apache: WSGI not routing
What is the difference between Tomcat containers and Docker containers?
Apache is running on Docker but is not receiving a response on host
Laravel reverb not working with SSL on production with apache
HttpClient exception: java.lang.IllegalArgumentException: host parameter is null
Where do I put "WSGIPassAuthorization On"?
Apache strips down "Authorization" header
meta tags not showing up in fb-messenger&discord ect... -> when using https
nghttp2_option_set_no_rfc9113_leading_and_trailing_ws_validation could not be located in the dynamic link library php-8.3.4\ext\php_curl.dll