Help with .htaccess to prevent file access

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • anguz
    Member
    • Mar 2004
    • 47

    Help with .htaccess to prevent file access

    In the script I'm using, I find that most directories don't have an .htaccess file to prevent unwanted scripts from running or even index.html file to prevent browsing of the dir.

    I find adding those files on an individual directory basis very time consuming and tired.

    I would like to have a rule, or set of them, in .htaccess that'll allow me to block every PHP script from being accessed directly via URL, except a couple of index.php files that seem to be all that's needed to run the website.

    Is there a way to achieve this?

    Thanks!
  • anguz
    Member
    • Mar 2004
    • 47

    #2
    It turns out that the admin directory uses more php files than just index...

    After a lot of reading on .htaccess, I came up with this code, which seems to be working:

    Code:
    # Only allow to open PHP files in root or admin directories.
    RewriteCond %{REQUEST_URI} !admin
    RewriteRule ^.*/.*\.php$ / [R,NC]
    I tried to open php files in several directories, and so far it seems to be working fine.

    Does anyone here see something wrong with it that I may not have realized yet?

    Thanks!

    Comment

    • ZYV
      Senior Member
      • Sep 2005
      • 315

      #3
      I don't get why you can't just put an .htaccess file with the only content of "deny from all" in this folder. It will be leaps faster than using mod_rewrite.

      Comment

      • anguz
        Member
        • Mar 2004
        • 47

        #4
        Yeah, but then I'd have to add it to every folder I want to deny, instead of doing everything from a single .htaccess file in root, right? And can I only do it with PHP files and let other files (e.g. images) be accessed? I don't want to be checking all the theme directories, etc., to permit or not the right ones.

        I'm completely new to .htaccess, so I appreciate your comment and look forward to your answer to my question.

        I'm looking for a solution that'll let me simply do all from a single place. Even if mod_rewrite is slower, the sites I'm working with receive very little traffic and they already have rewrite rules for the URLs to make them more SEO friendly.

        Comment

        • ZYV
          Senior Member
          • Sep 2005
          • 315

          #5
          You can use <Directory> and <File> tags to apply the restrictions from the .htaccess in the root to the subfolders centrally. Check out the documentation on the subject.

          Comment

          • Elite
            Senior Member
            • Apr 2004
            • 168

            #6
            What script are you using?

            IIRC, Joomla for instance doesn't use .htaccess for protection, but does a check at the start of each script...

            Code:
            Options -Indexes
            Should stop directory listings

            Comment

            Working...