Reputation: 147
I want to deny access to all PHP files in all subfolders, but allow access to all PHP files in a specific subfolder (e.g. test).
I tried a lot, but cannot find any solution.
Here is the whole .htaccess file:
<filesmatch \.(php|phtml)$>
deny from all
</filesmatch>
<filesmatch (index.php|install.php)>
allow from all
</filesMatch>
<ifmodule mod_deflate.c>
<filesmatch \.(css|js|php|phtml|svg|woff|xml)$>
setoutputfilter deflate
</filesmatch>
</ifmodule>
<ifmodule mod_security.c>
secfilterengine off
secfilterscanpost off
</ifmodule>
<ifmodule mod_rewrite.c>
rewriteengine on
rewritecond %{https} off
rewritecond %{http_host} ^www\.(.*)$ [nc]
rewriterule ^(.*)$ http://%1/$1 [r=301,l]
rewritecond %{https} on
rewritecond %{http_host} ^www\.(.*)$ [nc]
rewriterule ^(.*)$ https://%1/$1 [r=301,l]
rewritecond %{request_filename} !-d
rewriterule ^(.*)/$ /$1 [r=301,l]
rewritecond %{request_filename} -f
rewriterule ^(.*) $1 [l]
rewritecond %{request_filename} !-d
rewriterule ^([^.]*)$ ?p=$1 [l]
rewritecond %{request_filename} !-d
rewriterule ^([^.]*).([\w]{2})$ ?p=$1&l=$2 [l]
rewritecond %{request_filename} !-d
rewriterule ^([^.]*).([\w]{3,})$ ?p=$1&t=$2 [l]
</ifmodule>
<ifmodule mod_headers.c>
<filesmatch \.(gif|ico|jpg|svg|png|woff)$>
header set cache-control max-age=2419200
</filesmatch>
<filesmatch \.(css|js|swf)$>
header set cache-control max-age=604800
</filesmatch>
<filesmatch \.(phtml|xml)$>
header set cache-control max-age=600
</filesmatch>
</ifmodule>
fileetag none
Thanks!
Upvotes: 0
Views: 580
Reputation: 38
In a system I coded, I added the following line to the code files that I want to be accessible only by the files I choose:
defined('AUTH') or die(header('HTTP/1.0 403 Forbidden'));
And for those .php files that I want to be able to use/access that particular PHP script, I started them by adding this line at the top, before I include() or require() the files:
define('AUTH', true);
This way, any access attempt to those files that do not have "AUTH" defined in it will get an HTTP 403. This also forbids direct link access. ;) Maybe this solution works for you, too.
Upvotes: 0
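The guard in the answer above only protects files that actually contain it, so a coverage check over the document root is a useful companion. The script below is an added example, not code from the original posts; the function names, the entry-point allowlist and the sample tree are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Matches the guard line from the answer, tolerating whitespace and either quote style.
GUARD = re.compile(r"""defined\(\s*['"]AUTH['"]\s*\)\s*(or|\|\|)\s*(die|exit)\b""")
PHP_EXT = {".php", ".phtml"}  # same extensions the .htaccess in the question blocks

def unguarded_php(docroot, entry_points):
    """Return relative paths of PHP files that are neither declared entry
    points nor protected by the AUTH guard within their first five lines.
    Entries ending in '/' allow a whole subfolder (assumed convention)."""
    root = Path(docroot)
    prefixes = tuple(p for p in entry_points if p.endswith("/"))
    missing = []
    for path in sorted(root.rglob("*")):
        if not path.is_file() or path.suffix.lower() not in PHP_EXT:
            continue
        rel = path.relative_to(root).as_posix()
        if rel in entry_points or (prefixes and rel.startswith(prefixes)):
            continue
        head = "\n".join(path.read_text(errors="replace").splitlines()[:5])
        if not GUARD.search(head):
            missing.append(rel)
    return missing

def build_sample_tree(root):
    """Write a constructed sample layout (not taken from the page)."""
    files = {
        "index.php": "<?php define('AUTH', true); require 'inc/db.php';",
        "inc/db.php": "<?php\ndefined('AUTH') or die(header('HTTP/1.0 403 Forbidden'));\n",
        "inc/mail.php": "<?php\nfunction send() {}\n",  # guard forgotten here
        "test/info.php": "<?php echo 'ok';",
    }
    for rel, body in files.items():
        target = Path(root, rel)
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        # index.php, install.php and everything under test/ may be requested directly.
        print(unguarded_php(tmp, {"index.php", "install.php", "test/"}))
```

Any path it reports is a PHP file that a direct request would execute unless the web server blocks it.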