Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

How to deny access to php files except for one using htaccess

Posted on 2011-10-12
6
Medium Priority
?
282 Views
Last Modified: 2012-06-27
I want to deny access to all php files except for one called callback.php and one called serverresult.php. I've tried the code below and in reverse order but it does not seem to work. Is there a solution please?
<Files "/some-directory/callback.php">
    Order Allow,Deny
    Allow from all
</Files>

<Files "/some-directory/serverresult.php">
    Order Allow,Deny
    Allow from all
</Files>

<Files *.php>
order deny,allow
deny from all
allow from 127.0.0.1
</Files>

Open in new window

0
Comment
Question by:ncw
  • 3
  • 2
6 Comments
 
LVL 6

Expert Comment

by:Jelcin
ID: 36957520
Hi, (i am not 100% sure but) you could rename the other files you don't want to be accessed e.g. to "*.include" and restrict access to them.

<Files ~ "\.include$">
Order allow,deny
Deny from all
</Files

Open in new window


You could also put the files you don't wan't to be accessed outside the root directory and include them within your accessible *.php files.

But never tested my suggestions...
0
 
LVL 16

Expert Comment

by:sjklein42
ID: 36957671
Try this:

<Files "/some-directory/callback.php">
    Order Allow,Deny
    Allow from all
</Files>

<Files "/some-directory/serverresult.php">
    Order Allow,Deny
    Allow from all
</Files>

<FilesMatch "\.php$">
order deny,allow
deny from all
allow from 127.0.0.1
</Files>

Open in new window

0
 
LVL 1

Author Comment

by:ncw
ID: 36958178
Can the match work like a regular expression and match all php files except callback.php and serverresult.php?
0
What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

 
LVL 16

Expert Comment

by:sjklein42
ID: 36958408
FilesMatch uses regular expressions, but I think it would be awkward to try to exclude those specific files from the match all within a single REGEX expression.
0
 
LVL 1

Accepted Solution

by:
ncw earned 0 total points
ID: 36958991
I've found that the code below works, I left out the directory structure and just specified the file names.
<Files *.php>
order deny,allow
deny from all
allow from 127.0.0.1
</Files>

<Files "serverresult.php">    
    Order Allow,Deny
    Allow from all
</Files>

<Files "callback.php">
    Order Allow,Deny
    Allow from all
</Files>

Open in new window

0
 
LVL 1

Author Closing Comment

by:ncw
ID: 36978263
Solved my own problem.
0

Featured Post

Restore individual SQL databases with ease

Veeam Explorer for Microsoft SQL Server delivers an easy-to-use, wizard-driven interface for restoring your databases from a backup. No expert SQL background required. Web interface provides a complete view of all available SQL databases to simplify the recovery of lost database

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In my time as an SEO for the last 2 years and in the questions I have assisted with on here I have always seen the need to redirect from non-www urls to their www versions. For instance redirecting http://domain.com (http://domain.com) to http…
If you are running a LAMP infrastructure, this little code snippet is very helpful if you are serving lots of HTML, JavaScript and CSS-related information. The mod_deflate module, which is part of the Apache 2.2 application, provides the DEFLATE…
Are you ready to place your question in front of subject-matter experts for more timely responses? With the release of Priority Question, Premium Members, Team Accounts and Qualified Experts can now identify the emergent level of their issue, signal…
Is your data getting by on basic protection measures? In today’s climate of debilitating malware and ransomware—like WannaCry—that may not be enough. You need to establish more than basics, like a recovery plan that protects both data and endpoints.…
Suggested Courses
Course of the Month21 days, 6 hours left to enroll

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question