My website name is: cabinets.ga
I want to deny the access to all of my folders and files in my website, so this is my code to do that:
Order deny,allow
Deny from all
<FilesMatch "index\.php">
Allow from all
</FilesMatch>
This code works fine if the user write the link with the index.php like that : cabinets.ga/index.php but if he write only the domain name without the index.php like that: cabinets.ga it will give him (Forbidden)
So i want that if he enter both the domain name with the index.php or without it the website display the index.php without Forbidden it.. Any help please?
You can actually just make the filename optional in the regex (you don't need to use mod_rewrite). For example:
Order deny,allow
Deny from all
<FilesMatch "^(index\.php)?$">
Allow from all
</FilesMatch>
This will allow direct requests to index.php and also requests for the directory (no filename) ...which results in index.php (the DirectoryIndex) being served by mod_dir via an internal subrequest (which occurs later).
Note that you can't simply permit an empty filename (ie. "^$"). Whilst this allows the initial request for the bare directory, it will result in the internal subrequest for the DirectoryIndex, ie. index.php being blocked - so ultimately the request is blocked.
Note also that this allows access to all index.php files in all subdirectories and all directories that contain an index.php index document.
However, if you are on Apache 2.4 then you should be using Require instead, since Order, Deny and Allow are all deprecated on Apache 2.4.
Require all denied
<FilesMatch "^(index\.php)?$">
Require all granted
</FilesMatch>
UPDATE: My website is a single page application has just an index.php page controls all of my website with jquery ajax request, so i want when the user writed any other links accept my domain name accept the domain name the htaccess will redirect the user to the domain name
It sounds like you need to implement a front-controller pattern. The simplest form is using the FallbackResource directive. For example:
FallbackResource /index.php
Any requests that would otherwise result in a 404 are routed to /index.php. Any static resources (CSS, JS, images etc.) remain accessible and are not routed to /index.php.
Related
I have index.php file that i want to allow access only for specific ip with htaccess.
However i want to allow access for files named index.php in subdiectories for everyone.
How should I write rule that would affect only index.php in present directory? This is what i tried but with no success, it blocks index.php in subdirectories too:
<Files "./index.php">
Order deny,allow
Deny from all
Allow from 192.168.24.2
</Files>
You can write a .htaccess inside the subdirectories which contained the Allow from all, thus allowing access to those specific directories, and subdirectories from them onwards.
I have got a contact form on my website with file attachment as well, that has been restricted only to pictures. Although if I type in example.com/uploads/ all the files are accessible by anyone. Is htaccess the best way to hide it? Also how could I do that in a safe manner, without messing up the contact form?
I have tried this, but it blocks the whole website
deny from all
<Files ~ “^w+.(gif|jpe?g|png)$”>
order deny,allow
allow from all
</Files>
if I type in example.com/uploads/ all the files are accessible
You mean you get a directory listing? This can be disabled in .htaccess:
Options -Indexes
To actively block all HTTP requests for files in the /uploads directory (since you state in comments that these are only ever accessed over FTP) then all you need is (in your root .htaccess file):
RewriteEngine On
RewriteRule ^uploads - [F]
This will respond with a 403 Forbidden for all requests that start /uploads.
Just to block access to example.com/uploads/ you can place this rule in /uploads/.htaccess:
RewriteEngine On
RewriteRule ^/?$ - [F]
i'd like to make a redirect after a deny - because now, it's shows the apache Startpage.
My htaccess-code:
ErrorDocument 403 /forbidden.php
Deny from .ru
Deny from .cn
unfortunately it doesn't work, why?
thanks
thomas
This is only working if Apache can geht the DN of the client by double reverse lookup. If the reverse lookup has no result your rule will not work and the client gets access. You see, that this is not very reliable and you should switch to GEOIP.
If the deny rule is working and the desired page does not show, remember that the location is relative to the document root. So if your forbidden.php in subfolder /test you will need to set the rule like this:
ErrorDocument 403 /test/forbidden.php
Deny from .ru
Deny from .cn
Even if .htaccess and forbidden.php are in /test subfolder.
I have one website (www.mysite.com) that I have on a temporary redirect to another folder (www.mysite.com/tempfolder/index.php). I also host another site in the root folder of www.mysite.com called www.subsite.com. It has it's own URL, but I can't figure out how to make that entire sub-folder exempt from the redirect! Any ideas? Here is what my .htaccess file looks like right now (which is perfectly redirecting everything to the temporary landing page).
<Limit GET POST PUT>
order deny,allow
deny from all
allow from ***
allow from ****
allow from *****
</LIMIT>
ErrorDocument 403 http://www.mysite.com.com/tempfolder/index.php
<filesMatch ".(htm|html|php|css|js|php|gif|jpg|db|png)$">
order allow,deny
allow from all
</FilesMatch>
Any ideas? thanks all!
try putting an .htaccess file in the subfolder that does not contain the redirection rules. That should work just fine -- it can even be a blank file.
Hello I don't know much about the .htaccess configuration, but I want to restrict access to php files on my web server and I want to have only index.php with parameters accessible.
My files are in subfolder like: www.mydomain.com/sub/index.php. I want to have access to open that index.php in subfolder, css files and js files.
Here is my configuration I have so far:
Order Deny,Allow
Deny from all
Allow from 127.0.0.1
<Files /index.php>
Order Allow,Deny
Allow from all
</Files>
<FilesMatch "*\.(css|js)$">
Order Allow,Deny
Allow from all
</FilesMatch>
I have tried to do something like <Files sub/index.php> but everytime it restricts all php files in subfolders and www.mydomain.com/index.php works fine.
Can anyone help me with it?
You can move all files except ones needed to be accessible by http (index.php, css, images etc.) out from DocumentRoot directory to upper level, so directory layout looks like this:
/lib
/files
/html
/index.php
/css/
/images/
where /html is your DocumentRoot.
In this case you won't need any additional restrictive rules in .htaccess or VirtualHost configuration/
htaccess may not be the best option to preventing direct access to some of your Php files. Instead, create an access value and set it to some value in the page you wish directed access to and don't set it in other pages otherwise.
$access = 'some value';
if(empty($access)) { header("location:index.php"); die();}
This way other php files will only be accessible via include or require. Hope that helps.