user115079
Reputation: 711
block php file access (using mod_sec)
How can i block all access to a php file using mod_sec?
The file name has the form: sm6#.php, being # a random digit.
Upvotes: 0
Views: 1722
Answers (3)
4ft35t
Reputation: 148
SecRule REQUEST_FILENAME "sm6\d+\.php" "phase:1,block,severity:2,msg:'Blocking access to sm6#.php files.'"
Upvotes: 0
Reggie
Reputation: 644
You can do it with a simple single rule such as:
SecRule REQUEST_LINE "@rx sm6[0-9]{1,}\.php" \
"phase:2,block,severity:2,msg:'Blocking access to sm6#.php files.'"
In this case, the {1,} means at least 1 digit (after the number 6) in the filename. You could change it to 2, 3, 4, or even 100 if you wanted to. Or restrict it to minimum 2 digits and maximum 6 digits using {2,6}. It uses PCRE pattern matching, so it's up to you!
Upvotes: 1
Related Questions
- prevent php access and include for files in parent directory
- Block access to PHP file using .htaccess
- Only allow script from server to access files
- How to deny execution of any file on a specific apache directory?
- deny access of php file from url htaccess
- How to forbid HTTP access to PHP files?
- restrict access on file with php in apache
- Prevent access to files from Apache without .htaccess
- Block direct access to PHP files
- Preventing direct access to php files