For example.
I have this file in this link:
http://www.anothersite.com.br/example/product.view_bkp_20052020
And in my .htaccess file I have this rule:
<Files ~ "\.view$">
Order allow,deny
Deny from all
</Files>
But, I can access the file when used characters together.
Related
I want to share one of my subdomain to public that anyone can upload and explore any files. I want to it be a simple, so I chose https://github.com/webcdn/File-Explorer project. It is responsive and beautiful. But I need some modifications:
Remove authentication -> I did it.
Prevent execution of any PHP file (for security reasons) except "explore.php".
I did it using .htaccess file as below:
<Files *.php>
Order Deny,Allow
Deny from all
Allow from 127.0.0.1
</Files>
<Files explore.php>
Order Allow,Deny
Allow from all
</Files>
DirectoryIndex explore.php
The problem is that "File-Explorer" project still shows "explore.php".
I renamed explore.php to .explore.php and replaced it in .htaccess, but it doesn't work and the website can't be load.
How to stop php from executing .php files while being accessed directly. I want to do routing on files and also want to stop users from directly accessing the .php files. Is there anyway to change the .htaccess file to achieve the functionality.
Prevent direct access to php files
write code in .htacess file.
<Directory "^public_html">
<Files "^(*.php|*.phps)">
order deny,allow
deny from all
</Files>
</Directory>
Or
<Files *.php>
deny from all
</Files>
I'm triyng to blobk access to certain files.
I have on my server many files like this
filename_sql.php
Basically i need to disallow user to access directly to sql.php files:
http://url.com/filename_sql.php <<<
I have created an htaccess with this code, but i can access files direcly calling url.
What do I wrong?
<Files ~ "\.sql(.php)?$">
Order allow,deny
Deny from all
</Files>
Thanks all.
Your regex expression is matching filenames that end in ".sql.php", but the example filename you listed ends with "_sql.php"
If you remove the first period, it should match requests like "filename_sql.php" (or anything ending with "sql.php"):
<Files ~ "sql(\.php)?$">
Order allow,deny
Deny from all
</Files>
But, an even better method for keeping these files from being directly accessed, would be to move them outside of the root/public directory.
I think this will do the trick
<Files ~ "\.sql(\.php)?$">
Order allow,deny
Deny from all
</Files>
You forgot to put \ before .php.
1) My wp-content is hardened with a .htaccess file containing this code:
<Files *.php>
deny from all
</Files>
2) I want (need) to authorize xml-sitemap-xsl.php Otherwise I get this error in my error log: client denied by server configuration: /home/user/mysite.net/wp-content/plugins/wordpress-seo/css/xml-sitemap-xsl.php, referer: http://mysite.net/sitemap_index.xml
3) I think I should add the following code but I’m not sure if it’s the right code nor where to place it:
<Files "xml-sitemap-xsl.php">
Allow from all
</Files>
The thing I want to avoid is a conflict between the deny and allow commands.
Thanks,
P.
This has not much to do with Wordpress and I am not an expert regarding .htaccess, but I believe that what your file is doing is not denying access to your directory by all .php files, rather, denying access to all the .php files inside the directory.
The <Files> directive is used to add specific rules to specific files and, as far as I know, it cascades.
Considering your comment, this should do the trick
<Files *.php>
deny from all
</Files>
<Files "xml-sitemap-xsl.php">
Order Allow,Deny
Allow from all
</Files>
see: Deny direct access to all .php files except index.php
This question already has answers here:
.htaccess deny access to specific files? more than one
(3 answers)
Closed 8 years ago.
I want to deny access to multiple PHP files in directory /all/cstl/.
My .htaccess is also stored in this directory.
This is my current code and it's not working.
<Files "\ (config.php|function.php|include.php)">
Order allow,deny
Deny from all
</Files>
I have tried to deny the directory and allow specific files but it denies the directory and does not allow the requested .php files. My code for this is:
<Directory />
Order deny,allow
Deny from all
<Directory>
<Files "index.php|post.php">
Order deny,allow
Deny from all
</Files>
Please give me some example of blocking access to multiple specific files within a directory.
There are several problems with the .htaccess you have there.
As BSen linked in the comment above, you should use FilesMatch.
Also, your regular expression is wrong.
The problem with the regular expression is that you have an escaped space at the start, so all files must start with a space character (followed by one of config.php, function.php etc)
Also a small explaination of the Order allow,deny directive:
http://www.maxi-pedia.com/Order+allow+deny
Try this:
<FilesMatch "config\.php|function\.php|include\.php">
Order allow,deny
Deny from all
</FilesMatch>
If you'd like to deny all but a few files, this would read as
Order deny,allow
Deny from all
<FilesMatch "index\.php|index\.html">
Allow from all
</FilesMatch>