Reputation: 33996
CakePHP site restricting access to some files with .htaccess
I have following .htaccess file for my CakePHP 2 website.
I put this under webroot folder.
Everyday some bots try to login to my site as a wordpress site. So I need to restrict some file names (wp-login.php) or some directories like Administrator or Cache.
- But when I enter to example.com/wp-login.php I get "Error: An Internal Error Has Occurred." page of CakePHP exception.
- When I uncomment "directory /administrator" or "directory/cache" every page gives a 403 error.
How can I restrict to that files and folders?
<FilesMatch "\.(htaccess|htpasswd|ini|phps|fla|psd|log|sh)$">
Order allow,Deny
Deny from all
</FilesMatch>
<Files wp-login.php>
Order allow,deny
Deny from all
</Files>
#<Directory /Administrator>
# Order allow,deny
# Deny from all
#<Directory>
#<Directory /Cache>
# Order allow,deny
# Deny from all
#<Directory>
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^(.*)$ http://%1/$1 [R=301,L]
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ index.php [QSA,L]
</IfModule>
#set file cache maximum age in seconds
<ifmodule mod_headers.c>
<filesmatch "\.(ico|flv|jpg|jpeg|png|gif|css|swf)$">
Header set Cache-Control "max-age=518400, public"
</filesmatch>
<filesmatch "\.(js|css)$">
Header set Cache-Control "max-age=604800, public"
</filesmatch>
</ifmodule>
# gzip files
<ifModule mod_gzip.c>
mod_gzip_on Yes
mod_gzip_dechunk Yes
mod_gzip_item_include file \.(html?|txt|css|js|php|pl)$
mod_gzip_item_include handler ^cgi-script$
mod_gzip_item_include mime ^text/.*
mod_gzip_item_include mime ^application/x-javascript.*
mod_gzip_item_include mime ^application/javascript.*
mod_gzip_item_exclude mime ^image/.*
mod_gzip_item_exclude rspheader ^Content-Encoding:.*gzip.*
</ifModule>
# gzip files
<ifModule mod_deflate.c>
<filesMatch "\.(css|js|x?html?|php)$">
SetOutputFilter DEFLATE
</filesMatch>
</ifModule>
Edit: I changed redirection code to this. Directory problem solved but CakePHP style Interval server error exception is still exists.
<FilesMatch "\.(htaccess|htpasswd|ini|phps|fla|psd|log|sh)$">
Order allow,Deny
Deny from all
</FilesMatch>
<Files "wp-login.php">
Order allow,deny
Deny from all
</Files>
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^(.*)$ http://%1/$1 [R=301,L]
RewriteRule ^/?(administrator|cache|undefined) - [L,F,NC]
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ index.php [QSA,L]
</IfModule>
Upvotes: 1
Views: 1405
Answers (1)
Reputation: 143966
You can't use the <Directory> blocks inside an htaccess file. I'm not sure why you get a 500 error for wp-login.php, but you need to add some quotes to the declaration:
<Files "wp-login.php">
Order allow,deny
Deny from all
</Files>
You can place individual htaccess files in the Administrator and Cache directories that are just:
Order allow,deny
Deny from all
Or you can use something like a rewrite rule:
RewriteRule ^/?(Administrator|Cache) - [L,F]
Upvotes: 3
Related Questions
- .htaccess for cakephp
- allow access to certain php files in codeigniter
- Cakephp htaccess
- CakePHP and .htaccess in shared hosting environment
- CakePHP: how to allow public access to files in a directory besides /webroot
- CakePHP: How to allow password access to one directory with .htaccess
- htaccess with cakephp workds for windows but not for ubuntu
- CakePHP access restricted files after authentication
- Wordpress: prevent mod_rewrite rules for specific directories
- CakePHP Website Path Access Issue