1. Home
  2. Forums Index
  3. Server Side / Apache Web Server 4:14 pm May 1, 2026

Forum Moderators: phranque

Message Too Old, No Replies

htaccess - one directory only

         

banegrbic

2:18 pm on Mar 26, 2013 (gmt 0)

10+ Year Member



Hi people.

I want to raise level of my sites security, so I am trying to configure htaccess files.

My sites were hacked a few times with some hacker scripts. I understand that hackers usually upload some kind of scripts to Joomla folders (images, tmp, logs, includes, libraries, etc...). So I am trying to create htaccess files to protect these folders.

I add these lines to my .htaccess root folder, but some functionality breaks (some image galleries, extplorer, etc...) 

<Filesmatch ".(php)$">
order deny,allow
deny from all
</Filesmatch>
 
<Filesmatch "^index.php">
order allow,deny
allow from all
</Filesmatch>
 
<Filesmatch "^index2.php">
order deny,allow
allow from all
</Filesmatch>


I realize that root htaccess file is parent to all folders inside Joomla hierarchy, so I think it could be much better if I could define those lines to ONE folder ONLY. Later I could upload htaccess file per subfolder to all 1st level sub-folders.
But I dont know how to to this, as I am not so good at coding...

Any help...

phranque

3:00 pm on Mar 26, 2013 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



welcome to WebmasterWorld, banegrbic!

you might want to use a <Directory> container.

depending on a lot of other things you might consider using webspace containers vs filesystem containers.

banegrbic

3:13 pm on Mar 26, 2013 (gmt 0)

10+ Year Member



Thx for your answer.

I found this, but it doesnt work. It returns error and home page is not loading. 

<Directory /path/to/directory>
    Order allow,deny
    <Files file.php>
      Order deny,allow
    </Files>
  </Directory>


I want to point to my public_html directory and to allow index.php and index2.php, but its very important that this restriction defines web root only, not sub-directories.

banegrbic

3:22 pm on Mar 26, 2013 (gmt 0)

10+ Year Member



I also tried this: 

<Location />
    Order allow,deny
    <Files index.php>
      Order deny,allow
    </Files>
  </Location>


But I only got Internal Server Error 500.

lucy24

11:36 pm on Mar 26, 2013 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



you might want to use a <Directory> container.

When the first post contains the word "htaccess", I normally assume the asker is on shared hosting and therefore can't use <Directory> or <Location>.

If one filename is contained within another, like "index.php" within ".php", separate <Files> envelopes are probably not the way to go.

For several years I had a generic RewriteRule that said simply 

RewriteRule \.php - [F,NS]


Later I had to add Conditions to exempt some specific filenames. The [NS] flag means the rule won't apply to SSIs, or to any mod_dir activity (including auto-indexing). It does not cover the results of RewriteRules,* so you have to exempt those by name.


* Chiefly 
RewriteRule ^paintings/(spare[cr]at)s/(\w+)\.html /paintings/$1s/$1links.php?page=$2 [L]

if anyone wondered. (I'm working with existing naming patterns.)

phranque

1:44 am on Mar 27, 2013 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



shared hosting and therefore can't use <Directory> or <Location>


my bad - i didn't check allowable contexts for these before posting.


Order deny,allow

in order to make this functional for any type of access control you will also need Deny and/or Allow directives as required.
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

  1. Home
  2. Forums Index
  3. Server Side / Apache Web Server 4:14 pm May 1, 2026