alldevtools
Intern
Intern
  • UID5183
  • Fans0
  • Follows0
  • Posts2
Reads:68517Replies:5

php files not satisfying htaccess rules

Created#
More Posted time:Jul 27, 2018 20:02 PM
Hello,


I'm trying to deny access to php files of specific folder, but it appears that all the htaccess rules are not applied for php files.
Even if i try with a simple one line:

deny from all

The rule is satisfied but not for php files.
Any advise please,

Thank you

BrianBae
Assistant Engineer
Assistant Engineer
  • UID5909
  • Fans1
  • Follows0
  • Posts58
1st Reply#
Posted time:Jul 31, 2018 6:47 AM
You can assign special file in htaccess like below.

<files setup.php>
order allow,deny
deny from all
</files>


setup.php file can't not read from outside.

JohnHanley
Engineer
Engineer
  • UID5606
  • Fans3
  • Follows1
  • Posts75
2nd Reply#
Posted time:Jul 28, 2018 2:34 AM
You probably have .htaccess disabled.

Which version of Linux? Which version of Apache?

The Apache configuration file path varies based up what you have installed.

For example: /etc/httpd/conf/httpd.conf OR /etc/apache2/apache2.conf

Look in you Apache configuration file for this line:
AllowOverride None

If it is set to "None" then .htaccess is disabled.

Change this line to "AllowOverride All"

Restart Apache

GhulamQadir
Senior Engineer
Senior Engineer
  • UID5968
  • Fans4
  • Follows0
  • Posts98
3rd Reply#
Posted time:Jul 28, 2018 1:57 AM
Then please create a support ticket.

alldevtools
Intern
Intern
  • UID5183
  • Fans0
  • Follows0
  • Posts2
4Floor#
Posted time:Jul 27, 2018 22:58 PM
Thank you GhulamQadir for the reply.I agree with you, but as I said before, i have tried the simpliest condition ever , wich is a non conditional deny rule.

deny from all

The rule is working fine for all type of files, except for files with .php extension.

I believe it's something related to the hosting configuration, but i can't figure out if it's customizable in the hosting console or not.



Regards,

GhulamQadir
Senior Engineer
Senior Engineer
  • UID5968
  • Fans4
  • Follows0
  • Posts98
5Floor#
Posted time:Jul 27, 2018 20:44 PM
@alldevtools,




.htaccess with FilesMatch can restrict access for files matching *.inc, *.php and so on
<FilesMatch "\.(?:inc|php|py|rb)$">
Order allow,deny
Deny from all
</FilesMatch>


You can use The following easiest and one liner solution to deny access to certen file types:

RedirectMatch 403 ^/folder/.+\.(png|gif|js)$
This will return a 403 Access forbidden error for clients if they try to access /folder/file.extension .

Guest