asked on

How to deny access to php files except for one using htaccess

I want to deny access to all php files except for one called callback.php and one called serverresult.php. I've tried the code below and in reverse order but it does not seem to work. Is there a solution please?

<Files "/some-directory/callback.php">
    Order Allow,Deny
    Allow from all
</Files>

<Files "/some-directory/serverresult.php">
    Order Allow,Deny
    Allow from all
</Files>

<Files *.php>
order deny,allow
deny from all
allow from 127.0.0.1
</Files>

Open in new window

Josef Pospisil

Hi, (i am not 100% sure but) you could rename the other files you don't want to be accessed e.g. to "*.include" and restrict access to them.

<Files ~ "\.include$">
Order allow,deny
Deny from all
</Files

Open in new window

You could also put the files you don't wan't to be accessed outside the root directory and include them within your accessible *.php files.

But never tested my suggestions...

sjklein42

Try this:

<Files "/some-directory/callback.php">
    Order Allow,Deny
    Allow from all
</Files>

<Files "/some-directory/serverresult.php">
    Order Allow,Deny
    Allow from all
</Files>

<FilesMatch "\.php$">
order deny,allow
deny from all
allow from 127.0.0.1
</Files>

Open in new window

ncw

ASKER

Can the match work like a regular expression and match all php files except callback.php and serverresult.php?

sjklein42

FilesMatch uses regular expressions, but I think it would be awkward to try to exclude those specific files from the match all within a single REGEX expression.

ASKER CERTIFIED SOLUTION

ncw

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

ncw

ASKER

Solved my own problem.