Reputation: 10240
I'm attempting to deny access to anyone surfing for PHP files in a specific directory:
example.com/inc/
I've created an example.com/inc/.htaccess file with the contents:
Order deny,allow
Deny from all
This results in a 403 Forbidden response when I try to access one of the files. For example: example.com/inc/file.php
The problem is, my web server is also denied access and my application stops working.
How can I deny access to people surfing for such PHP files but allow my shared web server access?
Note: I'm using GoDaddy shared hosting.
Upvotes: 6
Views: 18052
Reputation: 24478
I would would just use a rule and block the access that is entered by the user. This will block any php file that is entered.
RewriteEngine On
RewriteRule ^.*\.php$ - [F,L,NC]
Edit based on your comment. Try this way.
<Files (file|class)\.php>
order allow,deny
deny from all
allow from 127.0.0.1
allow from 192.168.0.1
</Files>
Replace 192.168.0.1 with your server IP address.
Upvotes: 7
Reputation: 20286
Use proper directory structure put your files to lib/ directory for example and include them from file which is not present in this directory. This is how common frameworks works.
You can even map your url to web/ directory and put lib one directory up then you are sure that there is no access to your .php file but only index.php and assets.
You can read how it is solved for example in Symfony2 http://symfony.com/doc/current/quick_tour/the_architecture.html it'll give you some clues.
Upvotes: 2
Reputation: 2853
To only deny access to php files you can use this:
<Files *.php>
order allow,deny
deny from all
</Files>
Upvotes: 1
Reputation: 57713
To block navigation access to all files ending in .php
you can use:
RedirectMatch 403 ^.*\.php$
Upvotes: 1