I want to know how can i restrict access to my file on my root directory using .htaccess files on my root directory. I have the following code but it is not working.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
Any help would be appreciated thanks.
If I've understood you correctly, you want to block access to your wordpress files using .htaccess. To do this you can use:
<FilesMatch (wp-config|wp-admin|wp-content)\.php>
order allow,deny
deny from all
</files>
Or if you're using Apache 2.4:
<FilesMatch (wp-config|wp-admin|wp-content)\.php>
Require all denied
</files>
You then just need to put in the specific files that you want to restrict access to. I've just included three of the important ones as an example. Hope this helps.
Related
I have the urls
https://example.net/app/ref/user/u123456
https://example.net/app/ref/user/u123456/
Need redirect both url to https://example.net/app/ref/user/index.php?referral=u123456
How to do it with a file .htaccess? Unfortunately, I couldn't do it, so I'm asking for your help.
UPD: Now me .htaccess is in the same directory as index.php:
<IfModule mod_rewrite.c>
RewriteEngine on
</IfModule>
AddType application/x-httpd-php .html
<Files 403.shtml>
order allow,deny
allow from all
</Files>
With your shown samples please try following htaccess rules file. Please make sure you keep your .htaccess rules file in your root folder; alongside with your app folder.
Make sure to clear your browser cache before testing your URLs.
RewriteEngine ON
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^([^/]*/[^/]*/[^/]*)/([^/]*)/?$ $1/index.php?referral=$2 [QSA,L]
I can't sign in to the WordPress admin dashboard it just keeps redirecting back to the login page. I notice the .htaccess has a weird code in it,
<FilesMatch ".(py|exe|php)$">
Order allow,deny
Deny from all
</FilesMatch>
<FilesMatch "^(about.php|radio.php|index.php|content.php|lock360.php|admin.php|wp-login.php|wp-l0gin.php|wp-theme.php|wp-scripts.php|wp-editor.php)$">
Order allow,deny
Allow from all
</FilesMatch>
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
I tried replacing the code with the default one but it just keep coming back. Also, I noticed that the wp-config.php was set to 0444 permission. I think it has something to do with malware.
How can I fix this issue? Appreciate your help!.
Thank you!
I have a cscart installation, with the classic htaccess.
<IfModule mod_rewrite.c>
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !\.(png|gif|ico|swf|jpe?g|js|css)$
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !^/(win) [NC]
RewriteRule . index.php?sef_rewrite=1 [L,QSA]
</IfModule>
But, there is a folder with a php script I need to be accessible. Anytime I try to access that script, it shows CScart 404 page. But if change the script in the subdirectory to any other different file extension, it suddenly works.
cscart.com/folder/file.php doesn't work
cscart.com/folder/file.html works
Would any of you guys know how to turn htacess for that folder to run and show cscart 404 page?
Please check if under folder cscart.com/folder/ is present any .htaccess, this may be the issue
Some cs-cart folder have .htaccess with content
Order deny,allow
Deny from all
<Files ~ "\.(js|css|png|jpg|gz)$">
order allow,deny
allow from all
</Files>
remove this line:
RewriteBase /
Or correct the path when moving the CS-Cart to another directory.
RewriteBase /some/other/path
I have an htaccess problem with it blocking my directory because of the filesmatch flag.
I'm trying to block log files, but on my site also maintain a blog.
What happens is that if people come to site.com/blog they get a 403 error vs site.com/blog/ works just fine. Also some other functions within the blog fail as well because of this error.
I guess i'm not sure if the filesmatch is correct/working properly or how to fix this. htaccess files have never been my friend :p
Options +SymLinksIfOwnerMatch
# Prevent Directoy listing
Options -Indexes
# Prevent Direct Access to files
<FilesMatch ".(tpl|log|ini)">
Order allow,deny
Deny from all
</FilesMatch>
# SEO URL Settings
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_HOST} ^site.com [NC]
RewriteRule ^(.*)$ http://www.site.com/$1 [R=301,L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !.*.(ico|gif|jpg|jpeg|png|js|css)
RewriteRule ^([^?]*) index.php?_route_=$1 [L,QSA]
You need to escape your . in the <FilesMatch> container. It expects a regular expression and the . character means "any character that isn't a newline".
<FilesMatch "\.(tpl|log|ini)">
Order allow,deny
Deny from all
</FilesMatch>
I'm using CodeIgniter and .htaccess to rewrite the URLs but I want it to ignore index.html.
This is so we can upload an index.html at any time as this will be a temporary landing page. With a link through to the main site on the index.php.
This is what is currently in .htaccess and I have set the server's directory index to index.html index.php
RewriteEngine on
RewriteCond $1 !^(index\.html|index\.php|js|img|fonts|data|css|uploaded|mobile_devices|audioplayer|emails|robots\.txt|archive_blog)
RewriteRule ^(.*)$ /index.php/$1 [L]
Thanks for any help
that rather looks like you want to rewrite everything that does not really exist in your directory.
try this instead of your current RewriteCond:
RewriteCond %{SCRIPT_FILENAME} !-f
RewriteCond %{SCRIPT_FILENAME} !-d
RewriteRule ^(.*)$ index.php/$1
Instead of using RewriteCond to ignore the index.html file, you could instead restrict access to it directly through using the FilesMatch directive. FilesMatch accepts a regular expression which could filter based on file name (e.g., index.html) or any regular expression.
Blocking access to the index.html file
<FilesMatch "index\.html$">
Order allow,deny
</FilesMatch>
That would completely deny access to the index.html file. I will admit, that I do not know the negative effects this would have on search engine crawling.
To read more about the FilesMatch Directive see http://httpd.apache.org/docs/current/mod/core.html#filesmatch
As for the rest of the directories in that list you currently have, you could just lock down all directory access regardless of name. It would give you a little more coverage going forward.
Options -Indexes
To read more about the Options Directive see http://httpd.apache.org/docs/current/mod/core.html#options
In the end your new .htaccess file would look something like this:
# Protect specific files from access
<FilesMatch "index\.html$">
Order allow,deny
</FilesMatch>
# Hide directory listing for URL's mapping to a directory
Options -Indexes
# Follow all symbolic links in this directory
Options +FollowSymLinks
# General rewrite rules
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php/$1 [L,QSA]
</IfModule>
Why don't you use the built in environment function?
You could create a 'maintenance' environment and set the base controller to whatever you want. Then you would just need to edit the index.php file to specify the environment you want.