

Apache Web Server Forum

    
htaccess - one directory only
banegrbic




msg:4558597
 2:18 pm on Mar 26, 2013 (gmt 0)

Hi people.

I want to raise the level of my sites' security, so I am trying to configure htaccess files.

My sites were hacked a few times with some hacker scripts. I understand that hackers usually upload some kind of scripts to Joomla folders (images, tmp, logs, includes, libraries, etc...). So I am trying to create htaccess files to protect these folders.

I add these lines to my .htaccess root folder, but some functionality breaks (some image galleries, extplorer, etc...)

<Filesmatch ".(php)$">
order deny,allow
deny from all
</Filesmatch>

<Filesmatch "^index.php">
order allow,deny
allow from all
</Filesmatch>

<Filesmatch "^index2.php">
order deny,allow
allow from all
</Filesmatch>


I realize that the root htaccess file is parent to all folders inside the Joomla hierarchy, so I think it could be much better if I could define those lines for ONE folder ONLY. Later I could upload an htaccess file per subfolder to all 1st level sub-folders.
But I don't know how to do this, as I am not so good at coding...

Any help...

 

phranque




msg:4558606
 3:00 pm on Mar 26, 2013 (gmt 0)

welcome to WebmasterWorld, banegrbic!

you might want to use a <Directory> container.

depending on a lot of other things you might consider using webspace containers vs filesystem containers.

banegrbic




msg:4558622
 3:13 pm on Mar 26, 2013 (gmt 0)

Thx for your answer.

I found this, but it doesn't work. It returns an error and the home page is not loading.

<Directory /path/to/directory>
Order allow,deny
<Files file.php>
Order deny,allow
</Files>
</Directory>


I want to point to my public_html directory and to allow index.php and index2.php, but it's very important that this restriction defines web root only, not sub-directories.

banegrbic




msg:4558623
 3:22 pm on Mar 26, 2013 (gmt 0)

I also tried this:

<Location />
Order allow,deny
<Files index.php>
Order deny,allow
</Files>
</Location>


But I only got Internal Server Error 500.

lucy24




msg:4558750
 11:36 pm on Mar 26, 2013 (gmt 0)

you might want to use a <Directory> container.

When the first post contains the word "htaccess", I normally assume the asker is on shared hosting and therefore can't use <Directory> or <Location>.

If one filename is contained within another, like "index.php" within ".php", separate <Files> envelopes are probably not the way to go.

For several years I had a generic RewriteRule that said simply

RewriteRule \.php - [F,NS]

Later I had to add Conditions to exempt some specific filenames. The [NS] flag means the rule won't apply to SSIs, or to any mod_dir activity (including auto-indexing). It does not cover the results of RewriteRules,* so you have to exempt those by name.


* Chiefly
RewriteRule ^paintings/(spare[cr]at)s/(\w+)\.html /paintings/$1s/$1links.php?page=$2 [L]
if anyone wondered. (I'm working with existing naming patterns.)

phranque




msg:4558762
 1:44 am on Mar 27, 2013 (gmt 0)

shared hosting and therefore can't use <Directory> or <Location>


my bad - i didn't check allowable contexts for these before posting.


Order deny,allow

in order to make this functional for any type of access control you will also need Deny and/or Allow directives as required.
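
An added example, not written by any poster in this thread: one way to get what the original question asks for using only .htaccess files, combining lucy24's RewriteRule with exemptions and phranque's point about Deny. The public_html and images names come from the question; the AllowOverride settings noted in the comments are assumptions about the host.

```apache
# ---- public_html/.htaccess (web root) ---------------------------------
# Assumes mod_rewrite is loaded and AllowOverride permits FileInfo.
RewriteEngine On

# In .htaccess the RewriteRule pattern is matched against the path relative
# to this directory, with no leading slash. [^/]+ cannot cross a slash, so
# only PHP files sitting directly in the web root match; a request such as
# components/foo/bar.php is left alone by this rule.
# $1 is the filename without ".php"; the condition exempts index.php and
# index2.php. [F] answers 403; [NS] skips internal subrequests.
RewriteCond $1 !^index2?$
RewriteRule ^([^/]+)\.php$ - [F,NS]

# ---- public_html/images/.htaccess (repeat for tmp, logs, ...) ---------
# Assumes AllowOverride permits Limit. Apache 2.2 syntax, as in the thread.
# Unlike the rule above, a <FilesMatch> section is inherited by every
# subfolder of images/, which suits a folder that should hold no scripts.
# The dot is escaped so the pattern means a literal ".php" extension.
# "Order deny,allow" on its own allows everything by default; the Deny
# line is what actually blocks the request.
<FilesMatch "\.php$">
    Order deny,allow
    Deny from all
</FilesMatch>
```

On Apache 2.4 without mod_access_compat, the Order/Deny pair is replaced by `Require all denied`. If the host also hands other extensions to PHP, the patterns need widening to cover them.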
