Reputation: 33996
I have the following .htaccess file for my CakePHP 2 website.
I put this under the webroot folder.
Every day some bots try to log in to my site as a WordPress site. So I need to restrict some file names (wp-login.php) or some directories like Administrator or Cache.
How can I restrict access to those files and folders?
<FilesMatch "\.(htaccess|htpasswd|ini|phps|fla|psd|log|sh)$">
Order allow,Deny
Deny from all
</FilesMatch>
<Files wp-login.php>
Order allow,deny
Deny from all
</Files>
#<Directory /Administrator>
# Order allow,deny
# Deny from all
#<Directory>
#<Directory /Cache>
# Order allow,deny
# Deny from all
#<Directory>
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^(.*)$ http://%1/$1 [R=301,L]
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ index.php [QSA,L]
</IfModule>
#set file cache maximum age in seconds
<ifmodule mod_headers.c>
<filesmatch "\.(ico|flv|jpg|jpeg|png|gif|css|swf)$">
Header set Cache-Control "max-age=518400, public"
</filesmatch>
<filesmatch "\.(js|css)$">
Header set Cache-Control "max-age=604800, public"
</filesmatch>
</ifmodule>
# gzip files
<ifModule mod_gzip.c>
mod_gzip_on Yes
mod_gzip_dechunk Yes
mod_gzip_item_include file \.(html?|txt|css|js|php|pl)$
mod_gzip_item_include handler ^cgi-script$
mod_gzip_item_include mime ^text/.*
mod_gzip_item_include mime ^application/x-javascript.*
mod_gzip_item_include mime ^application/javascript.*
mod_gzip_item_exclude mime ^image/.*
mod_gzip_item_exclude rspheader ^Content-Encoding:.*gzip.*
</ifModule>
# gzip files
<ifModule mod_deflate.c>
<filesMatch "\.(css|js|x?html?|php)$">
SetOutputFilter DEFLATE
</filesMatch>
</ifModule>
Edit: I changed the redirection code to this. The directory problem is solved, but the CakePHP-style Internal Server Error exception still exists.
<FilesMatch "\.(htaccess|htpasswd|ini|phps|fla|psd|log|sh)$">
Order allow,Deny
Deny from all
</FilesMatch>
<Files "wp-login.php">
Order allow,deny
Deny from all
</Files>
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^(.*)$ http://%1/$1 [R=301,L]
RewriteRule ^/?(administrator|cache|undefined) - [L,F,NC]
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ index.php [QSA,L]
</IfModule>
Upvotes: 1
Views: 1405
Reputation: 143966
You can't use the <Directory> blocks inside an htaccess file. I'm not sure why you get a 500 error for wp-login.php, but you need to add some quotes to the declaration:
<Files "wp-login.php">
Order allow,deny
Deny from all
</Files>
You can place individual htaccess files in the Administrator and Cache directories that are just:
Order allow,deny
Deny from all
Or you can use something like a rewrite rule:
RewriteRule ^/?(Administrator|Cache) - [L,F]
Upvotes: 3
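Added example (not part of the question or the answer): a small checker for which request paths the two RewriteRule patterns on this page would answer with 403, with Python's `re` standing in for mod_rewrite's regex matching. The "tightened" pattern, the helper names and the sample paths are assumptions made for this example.

```python
import re

# Patterns "answer" and "question" are copied from the page. "tightened" is an
# assumption of this example: it adds a path-segment boundary, (/|$).
RULES = {
    "answer":    (r"^/?(Administrator|Cache)", ""),
    "question":  (r"^/?(administrator|cache|undefined)", "NC"),
    "tightened": (r"^/?(administrator|cache)(/|$)", "NC"),
}

# Constructed sample requests: scanner-style probes and hypothetical app routes.
SAMPLES = [
    "/Administrator/index.php",
    "/administrator/index.php",
    "/cache/",
    "/Cache",
    "/cached-reports/2024",    # hypothetical legitimate CakePHP route
    "/administrators/view/3",  # hypothetical legitimate CakePHP route
    "/posts/view/1",
]

def htaccess_path(url_path):
    """In .htaccess (per-directory) context mod_rewrite matches the path
    without its leading slash, which is why the rules start with '^/?'."""
    return url_path[1:] if url_path.startswith("/") else url_path

def is_forbidden(rule, url_path):
    """True if the rule's pattern matches, i.e. the [F] flag would return 403."""
    pattern, flags = RULES[rule]
    re_flags = re.IGNORECASE if "NC" in flags else 0
    return re.search(pattern, htaccess_path(url_path), re_flags) is not None

def evaluate(rule):
    """Map every sample path to the rule's decision."""
    return {path: is_forbidden(rule, path) for path in SAMPLES}

def missed_and_overblocked(rule, should_block):
    """Compare a rule against the paths the site owner wants blocked."""
    result = evaluate(rule)
    missed = [p for p in should_block if not result[p]]
    over = [p for p, hit in result.items() if hit and p not in should_block]
    return missed, over

if __name__ == "__main__":
    wanted = SAMPLES[:4]  # the four probe paths
    for name in RULES:
        missed, over = missed_and_overblocked(name, wanted)
        print(f"{name:10} missed={missed} overblocked={over}")
```

Without `NC` the answer's rule lets lowercase probes through, while the unanchored `NC` version from the question's edit also forbids any route that merely starts with one of the words.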