.htaccess deny access to specific files? more than one

php security apache .htaccess file
21,818

Solution 1

If you want to exclude files based on regular expressions, you could use FilesMatch instead of Files, e.g.:

<FilesMatch ^((home|test|file)\.php$|mysecretfolder|asecretpicture\.jpe?g)$>
...
</FilesMatch>

Solution 2

Looks like you have to exclude those files one by one:

<files home.php>
Deny/Allow/Whatever
</files>
<files file.php>
...

You can use *.gif in <files> or something*, but as home.php, file.php and test.php can't really be grouped with a "*", this is probably the only way to go.

Solution 3

since apache 2.4 

<FilesMatch "\.htaccess|config\.php">

    Require all denied

</FilesMatch>

instead of 

<FilesMatch "\.htaccess|config\.php">

    Order allow,deny 
    Deny from all 

</FilesMatch>
Share:
21,818
oni-kun
Author by

oni-kun

Updated on July 09, 2022

Comments

  • oni-kun
    oni-kun almost 2 years

    I am able to disable access to a file with .htaccess, but I don't know how to disallow multiple files to be viewed (directly, not from includes)

    They are .php so I can't disable a file type (like the only tutorials online say..)

    <FILES ... ? 

</FILES>

    Or something.. For example "home.php, file.php , test.php" how do I disallow access to all three files with that tag? or similar, help please!

  • oni-kun
    oni-kun over 14 years
    Perfect, I love the piping for each file name, just what I wanted. Thank you.
  • Residuum
    Residuum over 14 years
    Caveat: Use start and end of the string, if you want to exclude /test.php, but not /public/test.php or /test.php.bak
  • Imperative
    Imperative about 10 years
    That is the most useful thing I've seen all week. Granted, it's just past 2pm on a Monday, but still.
  • jamix
    jamix over 4 years
    Caveat: Including mysecretfolder in the FilesMatch directive will not deny access to all files within that directory.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

How to run php script in png/jpg extension
.htaccess deny all, including the htaccess file and display 404 - how do I do it?
Using PHP/Apache to restrict access to static files (html, css, img, etc)
How to Block 100,000+ Individual IP addresses
Is it possible to change the $_SERVER['HTTP_HOST'] in htaccess?
.htaccess in Subfolder not working
file_put_contents php permissions
How to check in .htaccess if PHP is enabled?
Allow access to all files from only 1 IP address and redirect all others to other file
only default permalinks working wordpress others become 404 error