Results 1 to 6 of 6

Thread: Help with .htaccess to prevent file access

  1. #1

    Default Help with .htaccess to prevent file access

    In the script I'm using, I find that most directories don't have an .htaccess file to prevent unwanted scripts from running or even index.html file to prevent browsing of the dir.

    I find adding those files on an individual directory basis very time consuming and tired.

    I would like to have a rule, or set of them, in .htaccess that'll allow me to block every PHP script from being accessed directly via URL, except a couple of index.php files that seem to be all that's needed to run the website.

    Is there a way to achieve this?

    Thanks!

  2. #2

    Default

    It turns out that the admin directory uses more php files than just index...

    After a lot of reading on .htaccess, I came up with this code, which seems to be working:

    Code:
    # Only allow to open PHP files in root or admin directories.
    RewriteCond %{REQUEST_URI} !admin
    RewriteRule ^.*/.*\.php$ / [R,NC]
    I tried to open php files in several directories, and so far it seems to be working fine.

    Does anyone here see something wrong with it that I may not have realized yet?

    Thanks!

  3. #3
    Senior Member
    Join Date
    Sep 2005
    Location
    Russia, Nizhny Novgorod
    Posts
    315

    Default

    I don't get why you can't just put an .htaccess file with the only content of "deny from all" in this folder. It will be leaps faster than using mod_rewrite.

  4. #4

    Default

    Yeah, but then I'd have to add it to every folder I want to deny, instead of doing everything from a single .htaccess file in root, right? And can I only do it with PHP files and let other files (e.g. images) be accessed? I don't want to be checking all the theme directories, etc., to permit or not the right ones.

    I'm completely new to .htaccess, so I appreciate your comment and look forward to your answer to my question.

    I'm looking for a solution that'll let me simply do all from a single place. Even if mod_rewrite is slower, the sites I'm working with receive very little traffic and they already have rewrite rules for the URLs to make them more SEO friendly.

  5. #5
    Senior Member
    Join Date
    Sep 2005
    Location
    Russia, Nizhny Novgorod
    Posts
    315

    Default

    You can use <Directory> and <File> tags to apply the restrictions from the .htaccess in the root to the subfolders centrally. Check out the documentation on the subject.

  6. #6
    Senior Member
    Join Date
    Apr 2004
    Location
    Manchester, UK
    Posts
    168

    Default

    What script are you using?

    IIRC, Joomla for instance doesn't use .htaccess for protection, but does a check at the start of each script...

    Code:
    Options -Indexes
    Should stop directory listings

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •