trixo

Reputation: 1044

htaccess deny all disables example.com represent as domain.com/index.php

I am working on securing my web server. I do not want people to be able to execute files they shouldn't.

I was told that I should deny all and whitelist files that could be executed. That works. The problem is that when I access my domain.com, it won't execute example.com/index.php. If I type example.com/index.php, it works.

Here is my htaccess file:

Options -Indexes

Order deny,allow
Deny from all

<Files /index.php>
Allow from all
</Files>

<Files "index.php">
Allow from all
</Files>
<Files "teacher_login.php">
Allow from all
</Files>
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Upvotes: 0

Views: 30

Answers (1)

Niet the Dark Absol

Reputation: 324630

You know what's a better way to prevent people from executing scripts they shouldn't?

Don't put them on the Web at all.

Put these scripts outside of public_html on your server, and suddenly nobody can access them! No need for .htaccess hacks like what you're trying. And better still, they're still accessible for the server itself - e.g.

require($_SERVER['DOCUMENT_ROOT']."/../hidden-scripts/something.php");

Much better.

Upvotes: 1
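
The answer's approach as an added example (not code from the original post): a single public index.php that loads scripts kept outside the document root through an allow-list, so a request can never choose an arbitrary path. The `page` query parameter, the page names and the directory layout are assumptions.

```php
<?php
// public_html/index.php: the only PHP file under the document root (assumed layout).
declare(strict_types=1);

// Private directory next to public_html, as in the answer's "/../hidden-scripts".
const HIDDEN_DIR = '/../hidden-scripts';

// Hypothetical page names mapped to files in the private directory.
// teacher_login.php is the page from the question; home.php is a constructed name.
const PAGES = [
    'home'          => 'home.php',
    'teacher_login' => 'teacher_login.php',
];

/**
 * Resolve a requested page name to an absolute path inside $baseDir,
 * or return null if the name is unknown or the file escapes $baseDir.
 */
function resolve_page(string $page, string $baseDir, array $pages): ?string
{
    if (!array_key_exists($page, $pages)) {
        return null;                       // not on the allow-list
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . '/' . $pages[$page]);
    if ($base === false || $path === false) {
        return null;                       // directory or file missing
    }
    // Defence in depth: the resolved file must still live under the base dir
    // (catches symlinks or a bad map entry pointing elsewhere).
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

$page = $_GET['page'] ?? 'home';
$file = is_string($page)
    ? resolve_page($page, $_SERVER['DOCUMENT_ROOT'] . HIDDEN_DIR, PAGES)
    : null;

if ($file === null) {
    http_response_code(404);
    exit('Not found');
}
require $file;
```

The request value is only ever used as a key into the map, never concatenated into the path, which is what keeps `../` sequences in the query string from reaching `require`.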
