|htaccess - one directory only|
I want to raise level of my sites security, so I am trying to configure htaccess files.
My sites were hacked a few times with some hacker scripts. I understand that hackers usually upload some kind of scripts to Joomla folders (images, tmp, logs, includes, libraries, etc...). So I am trying to create htaccess files to protect these folders.
I add these lines to my .htaccess root folder, but some functionality breaks (some image galleries, extplorer, etc...)
deny from all
allow from all
allow from all
I realize that root htaccess file is parent to all folders inside Joomla hierarchy, so I think it could be much better if I could define those lines to ONE folder ONLY. Later I could upload htaccess file per subfolder to all 1st level sub-folders.
But I dont know how to to this, as I am not so good at coding...
welcome to WebmasterWorld, banegrbic!
you might want to use a <Directory> container.
depending on a lot of other things you might consider using webspace containers vs filesystem containers.
Thx for your answer.
I found this, but it doesnt work. It returns error and home page is not loading.
I want to point to my public_html directory and to allow index.php and index2.php, but its very important that this restriction defines web root only, not sub-directories.
I also tried this:
But I only got Internal Server Error 500.
|you might want to use a <Directory> container. |
When the first post contains the word "htaccess", I normally assume the asker is on shared hosting and therefore can't use <Directory> or <Location>.
If one filename is contained within another, like "index.php" within ".php", separate <Files> envelopes are probably not the way to go.
For several years I had a generic RewriteRule that said simply
RewriteRule \.php - [F,NS]
Later I had to add Conditions to exempt some specific filenames. The [NS] flag means the rule won't apply to SSIs, or to any mod_dir activity (including auto-indexing). It does not cover the results of RewriteRules,* so you have to exempt those by name.
RewriteRule ^paintings/(spare[cr]at)s/(\w+)\.html /paintings/$1s/$1links.php?page=$2 [L]
if anyone wondered. (I'm working with existing naming patterns.)
|shared hosting and therefore can't use <Directory> or <Location> |
my bad - i didn't check allowable contexts for these before posting.
in order to make this functional for any type of access control you will also need Deny and/or Allow directives as required.