Htaccess - restrict access to file but only in present directory

Question

I have index.php file that i want to allow access only for specific ip with htaccess.

However i want to allow access for files named index.php in subdiectories for everyone.

How should I write rule that would affect only index.php in present directory? This is what i tried but with no success, it blocks index.php in subdirectories too:

 <Files "./index.php">
        Order deny,allow
        Deny from all
        Allow from 192.168.24.2
    </Files>

Answer 1

This can be done using mod_rewrite as follow:

RewriteCond %{REMOTE_ADDR} !=192.168.24.2
RewriteRule ^index\.php$ - [F]

First line checks the client IP address is not the one allowed, and 2nd line simply tells to fail (error 403) serving the request.

Remember to place RewriteEngine On somewhere before the suggested code.

---

You can allow multiple IP addresses using regular expressions or by duplicating the RewriteCond line like so:

RewriteCond %{REMOTE_ADDR} !=127.0.0.1
RewriteCond %{REMOTE_ADDR} !^192\.168\.24\.[0-9]{1,3}$
RewriteCond %{REMOTE_ADDR} !=192.168.32.6
RewriteRule ^index\.php$ - [F]

The example above would allow localhost access and anyone in 192.168.24.0/24 subnet (including 192.168.24.6) and 192.168.32.6 but not 192.168.32.7 nor 192.168.2.6 for instance.

Note: I only used IPv4 addresses here but you can check for IPv6 addresses the same way.

Answer 2

You can write a .htaccess inside the subdirectories which contained the Allow from all, thus allowing access to those specific directories, and subdirectories from them onwards.