I have a website that has multiple PHP files with the same name, like this:
martin/info.php
david/info.php
peter/info.php
How can I disable opening info.php files?
Try this in your .htaccess file :
<FilesMatch "info\.php$">
Order Allow,Deny
Deny from all
</FilesMatch>
Related
How to stop php from executing .php files while being accessed directly. I want to do routing on files and also want to stop users from directly accessing the .php files. Is there anyway to change the .htaccess file to achieve the functionality.
Prevent direct access to php files
write code in .htacess file.
<Directory "^public_html">
<Files "^(*.php|*.phps)">
order deny,allow
deny from all
</Files>
</Directory>
Or
<Files *.php>
deny from all
</Files>
This must be a simple errror...
I have certain php files in a Drupal site. I can execute them from inside Drupal, but when I need to execute some of them when I submit a form, I get "You don't have permission...". I added a .htaccess file in teh specific directory with this content
<FilesMatch "test\.php$">
Satisfy Any
Allow from all
</FilesMatch>
Now I am able to access the file, but the browser display the content instead of parsing it.
What am I doing wrong?
Seems like php is not enabled in that directory. Enable it by AddType
<FilesMatch "test\.php$">
Satisfy Any
Allow from all
AddType text/html .php .phps
</FilesMatch>
Thanks for all relplies.
It turned out that Drupal create a .htacces file in my directory with the following code after one of their security updates:
# Set the catch-all handler to prevent scripts from being executed.
SetHandler Drupal_Security_Do_Not_Remove_See_SA_2006_006
<Files *>
# Override the handler again if we're run later in the evaluation list.
SetHandler Drupal_Security_Do_Not_Remove_See_SA_2013_003
Options None
Options +SymLinksifOwnerMatch
</Files>
That was the cause of the problem.
In my site I've some file used by my application where are putted the log information.
For example a log file is "access.log", and i write in by PHP.
If a visitor go to www.mysite.ext/access.log , can see the file and all the information inside it.
How can I disallow this?
thanks a lot
Put this in your .htaccess
<FilesMatch "\.(htaccess|htpasswd|pinc|ini|phps|fla|psd|log|sh)$">
Order Allow,Deny
Deny from all
</FilesMatch>
Will block .log and other common files you don't want people to access.
If you want to do this in Apache, you can add the following to your .htaccess:
<files access.log>
deny from all
</files>
I would like to prevent direct url access to some selected directories. But then make a few files inside the chosen directories accessible for direct url access. I'm having some trouble writing the < filesmatch > portion to allow access to the .php files inside the "xml/" directory. I'm wanting to include part of the "path" in the filesmatch directive, rather than create separate < directorymatch > directives for each directory i want certain files availabe in, but it doesn't work...works if I remove the "/xml/" and put <FilesMatch "\.(php)$">
In my httpd.conf I have a virtual directory set up. Inside the virtual directory I added the following:
<DirectoryMatch "^/data/servers/dev.site.com/web/administrator/(includes|xml|css|javascript|stylesheet|cache|classes|acco
unt_files)">
AddType application/x-httpd-php .php .html .htm
Options none
AllowOverride All
Order Deny,Allow
Deny from all
#Target all files in "xml/" directory that end in ".php"
<FilesMatch "/xml/\.(php)">
AddType application/x-httpd-php .php
Order Allow,Deny
Allow from all
</FilesMatch>
</DirectoryMatch>
Anyone know how I should write this?
Thanks for the help.
FilesMatch works purely on filenames - it doesn't look at the path portion at all, so you'll never get an '/xml/' in a filename in the FilesMatch block. That's why there's DirectoryMatch above. Match the directory there, then match filenames within the dirmatch.
I am able to disable access to a file with .htaccess, but I don't know how to disallow multiple files to be viewed (directly, not from includes)
They are .php so I can't disable a file type (like the only tutorials online say..)
<FILES ... ?
</FILES>
Or something.. For example "home.php, file.php , test.php" how do I disallow access to all three files with that tag? or similar, help please!
If you want to exclude files based on regular expressions, you could use FilesMatch instead of Files, e.g.:
<FilesMatch ^((home|test|file)\.php$|mysecretfolder|asecretpicture\.jpe?g)$>
...
</FilesMatch>
Looks like you have to exclude those files one by one:
<files home.php>
Deny/Allow/Whatever
</files>
<files file.php>
...
You can use *.gif in <files> or something*, but as home.php, file.php and test.php can't really be grouped with a "*", this is probably the only way to go.
since apache 2.4
<FilesMatch "\.htaccess|config\.php">
Require all denied
</FilesMatch>
instead of
<FilesMatch "\.htaccess|config\.php">
Order allow,deny
Deny from all
</FilesMatch>