Apache: Block all directories except for listed ones

Question

I want to block people from accessing every directory except for /sandbox, /WebDev and /Projects

I tried this:

<Directory ^/(?<!sandbox|Projects|WebDev)+(/.*)>
    Order Deny,Allow
    Deny from all
</Directory>

but it gave a 500 error.

Answer 1

The canonical way is something like:

<Directory />
    Order Deny,Allow
    Deny from all
</Directory>

<Directory /sandbox>
    Order Deny,Allow
    Allow from all
</Directory>

<Directory /WebDev>
    Order Deny,Allow
    Allow from all
</Directory>

<Directory /Projects>
    Order Deny,Allow
    Allow from all
</Directory>

Answer 2

Here is the right tested way you want with a RegEx.

I suggest you use this in the Apache configuration file itself, not within .htaccess as it may not work correctly on some default OS's Apache configs (such as Ubuntu's) unless if you corrected the other related configurations to make it work within .htaccess (i.e.AllowOverride.. etc)

    <Directory />
            Order allow,deny
            deny from all
    </Directory>
    <Directory ~ "/(sandbox|Projects|WebDev)">
            Order allow,deny
            allow from all
    </Directory>

Yes, it is an OLD questions, but this answer might help someone.. :-)