So I browsed through all the htaccess solutions but none are good for my scenario...
Basically I want to deny direct access to all file types except the ones listed, like this:
Order Deny,Allow
Deny from All
<FilesMatch ".(flv|gif|jpg|jpeg|png|ico|swf|js|css|less|pdf|php|html)$">
Allow from All
</FilesMatch>
The problem is I can't use urls like /?foo=bar but must use /index.php?foo=bar ...
How to solve this? RewriteCond? Can anyone drop a oneliner that does the same?
Thanks.
This worked:
<FilesMatch ".(flv|gif|jpg|jpeg|png|ico|swf|js|css|less|pdf|php|html|htm)$">
Allow from All
</FilesMatch>
<FilesMatch "^(index\.php)?$">
Allow from all
</FilesMatch>
Related
The following htaccess rules are given and set by the server management application:
<Directory "/var/www/vhosts/domain.com/httpdocs/wp-content">
<FilesMatch \.php$>
Require all denied
</FilesMatch>
</Directory>
This is actually fine except the fact that it should exclude a specific file which must be accessible:
/var/www/vhosts/domain.com/httpdocs/wp-content/plugins/plugin-name/public/image.php
Do you have an idea how to adjust the first rules to exclude the mentioned file from being blocked?
Thanks in advance
You could add one more FilesMatch condition that then allowed access to your file.
<Directory "/var/www/vhosts/domain.com/httpdocs/wp-content">
<FilesMatch \.php$>
Require all denied
</FilesMatch>
<FilesMatch image\.php$>
Require all granted
</FilesMatch>
</Directory>
This should work just fine.
Hope it helps.
If you want to look at more information about Apache configuration sections, take a look at their main documentation portal.
https://httpd.apache.org/docs/2.4/sections.html
Try with below,
<FilesMatch !image\.php$>
Require all denied
</FilesMatch>
I am trying to deny everyone to download anything inside the "attachment" directory.
My website structure is:
public_html
-img
-css
-root
--attachment
---(numeric id)
----(files)
-js
What I am trying to do is, to deny access to root/attachment//
I tried many things, but I don't know why, I cannot get it working, my last tried was:
.htaccess - on main directory.
<FilesMatch "root/attachment/.*/.*">
Order Allow,Deny
Deny from all
</FilesMatch>
Any ideas?
Thank you very much :)
FilesMatch doesn't work with directories.
Create a new .htaccess inside root/attachment/ as
<FilesMatch ".*">
Order Allow,Deny
Deny from All
</FilesMatch>
Redirect rules specified in a parent directory .htaccess apply to its sub-directories as well. In case, these access rules do not work the same way, just move the .htaccess directly into files directory.
Create a new htaccess file /root/attackment/.htaccess and add the following lines
Order Allow,Deny
Deny from all
How I add multiple files in htaccess files tag? The code bellow works for one file.
<Files wp-login.php>
Order Deny,Allow
Allow from 191.211.9.1
Deny from all
</Files>
I end up using this:
<filesMatch "^(wp-login|wp-file)\.php$">
Order Deny,Allow
Allow from 190.190.0.1
Deny from all
</filesMatch>
Try something like this(not tested but should work):
<Files ~ "^(admin|wp-login|one-more-file)\.php$">
or this:
<FilesMatch "^(admin|wp-login|one-more-file)\.php$">
I keep getting my .htaccess file hacked on my WordPress installation, what can I do to prevent this from happening again?
http://pastebin.com/H54FaA8U
Have a look on security.stackexchange.com's wordpress tag for guidance here, and this question in particular.
change your user name and password add tough password that has number and digit and character caps etc.
remove all the extra templates, One of you template files are infected that is re writing the htaccess file.
Update all the plugins and templates that you are using.
remove all the extra plugins that you no longer use.
it worked for me good luck
Add this htaccess code in your WordPress .htaccess file to Protect .htaccess and wp-config.php file From Unauthorized Access
<Files ~ "^.*\.([Hh][Tt][Aa])">
order allow,deny
deny from all
satisfy all
</Files>
<files wp-config.php>
order allow,deny
deny from all
</files>
I was told that this is the right way to redirect anyone who is trying to open:
/users/username/something.txt
But i can't seem to get it work.
RewriteEngine on
RewriteRule \.txt$ /notallowed.html [F,L,NC]
Is this wrong?
The simplest way to deny users from all TXT files would be to use something like:
<FilesMatch "\.(txt)$">
Order Allow,Deny
Deny from all
</FilesMatch>
However, the code you have there should work for all intents and purposes. Depending on your server configuration, however, you may need to add "Options +FollowSymLinks".
If you decide to go the FilesMatch route, you can use ErrorDocument to control what page the user is taken to.