3rgo

Reputation: 3153

How can I block everything except root PHP scripts?

I want to block HTTP access to every file in my project directory except PHP scripts located in the root folder (not subfolders).

My current .htaccess file looks like this:

# Disable Directory Listings in this Directory and Subdirectories
# This will hide the files from the public unless they know direct URLs
Options -Indexes

<IfModule mod_rewrite.c>
  RewriteEngine On
  RewriteCond %{REQUEST_FILENAME} !-f
  RewriteCond %{REQUEST_FILENAME} !-d
  RewriteRule ^api/(.*)$ api.php/$1 [QSA,L]
</IfModule>

# Deny all files from being accessed with Apache
Order Deny,Allow
Deny from all

# Allow specific PHP files at root
<FilesMatch "/(api|cron|status)\.php$">
    Order Allow,Deny
    Allow from all
</FilesMatch>

This mostly works, except for the URL rewriting on the api.php script. I've tried changing the FilesMatch regexp to /(api|cron|status)(\.php)?$, but it keeps on throwing me a 403 response.

Can anyone explain to me what I did wrong here? I'm usually OK with regexp, but this has got me thinking Apache doesn't process them like everyone else...

Upvotes: 0

Views: 67

Answers (1)

user7858183

Reputation: 36

Deny from all    

<FilesMatch "^(api|cron|status)\.php$">
 Order Allow,Deny
 Allow from all
</FilesMatch>

And I guess make sure your .htaccess is on the root level.

Upvotes: 1
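An added example (not code from the question or the answer): a small Python model of how `<FilesMatch>` selects files, run over a constructed project tree. It assumes Apache's documented behaviour that `<Files>`/`<FilesMatch>` test only the basename (last path component) of the resolved file. It shows why the pattern with a leading `/` matches nothing, and that the basename-only pattern also allows same-named scripts in subfolders. The file names in `SAMPLE_TREE` are made up.

```python
import re
from pathlib import PurePosixPath

# Patterns copied from the question and the answer on this page.
QUESTION_PATTERN = r"/(api|cron|status)\.php$"
ANSWER_PATTERN = r"^(api|cron|status)\.php$"

# Constructed sample layout, relative to the directory holding .htaccess.
SAMPLE_TREE = [
    "api.php", "cron.php", "status.php", "index.php", "config.ini",
    "lib/api.php", "lib/db.php", "vendor/pkg/status.php", "uploads/report.php",
]


def files_match(pattern, rel_path):
    """Model of <FilesMatch>: unanchored regex search on the basename only."""
    basename = PurePosixPath(rel_path).name
    return re.search(pattern, basename) is not None


def audit(pattern, tree):
    """Return (root_level, nested) files that the allow block would cover."""
    allowed = [p for p in tree if files_match(pattern, p)]
    root_level = sorted(p for p in allowed if "/" not in p)
    nested = sorted(p for p in allowed if "/" in p)
    return root_level, nested


if __name__ == "__main__":
    for label, pattern in (("question", QUESTION_PATTERN),
                           ("answer", ANSWER_PATTERN)):
        root_level, nested = audit(pattern, SAMPLE_TREE)
        print(f"{label}: {pattern}")
        print(f"  allowed at root   : {root_level or 'none'}")
        print(f"  allowed in subdirs: {nested or 'none'}")
```

Any path listed under "allowed in subdirs" is reachable even though the intent was root-only, so run the audit against the real file list before relying on the allowlist.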
