Welcome to WebmasterWorld Guest from 23.22.46.195

Forum Moderators: Ocean10000 & incrediBILL & phranque

htaccess - one directory only

   
2:18 pm on Mar 26, 2013 (gmt 0)



Hi people.

I want to raise level of my sites security, so I am trying to configure htaccess files.

My sites were hacked a few times with some hacker scripts. I understand that hackers usually upload some kind of scripts to Joomla folders (images, tmp, logs, includes, libraries, etc...). So I am trying to create htaccess files to protect these folders.

I add these lines to my .htaccess root folder, but some functionality breaks (some image galleries, extplorer, etc...)

<Filesmatch ".(php)$">
order deny,allow
deny from all
</Filesmatch>

<Filesmatch "^index.php">
order allow,deny
allow from all
</Filesmatch>

<Filesmatch "^index2.php">
order deny,allow
allow from all
</Filesmatch>


I realize that root htaccess file is parent to all folders inside Joomla hierarchy, so I think it could be much better if I could define those lines to ONE folder ONLY. Later I could upload htaccess file per subfolder to all 1st level sub-folders.
But I dont know how to to this, as I am not so good at coding...

Any help...
3:00 pm on Mar 26, 2013 (gmt 0)

WebmasterWorld Administrator phranque is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



welcome to WebmasterWorld, banegrbic!

you might want to use a <Directory> container.

depending on a lot of other things you might consider using webspace containers vs filesystem containers.
3:13 pm on Mar 26, 2013 (gmt 0)



Thx for your answer.

I found this, but it doesnt work. It returns error and home page is not loading.

<Directory /path/to/directory>
Order allow,deny
<Files file.php>
Order deny,allow
</Files>
</Directory>


I want to point to my public_html directory and to allow index.php and index2.php, but its very important that this restriction defines web root only, not sub-directories.
3:22 pm on Mar 26, 2013 (gmt 0)



I also tried this:

<Location />
Order allow,deny
<Files index.php>
Order deny,allow
</Files>
</Location>


But I only got Internal Server Error 500.
11:36 pm on Mar 26, 2013 (gmt 0)

WebmasterWorld Senior Member lucy24 is a WebmasterWorld Top Contributor of All Time Top Contributors Of The Month



you might want to use a <Directory> container.

When the first post contains the word "htaccess", I normally assume the asker is on shared hosting and therefore can't use <Directory> or <Location>.

If one filename is contained within another, like "index.php" within ".php", separate <Files> envelopes are probably not the way to go.

For several years I had a generic RewriteRule that said simply

RewriteRule \.php - [F,NS]


Later I had to add Conditions to exempt some specific filenames. The [NS] flag means the rule won't apply to SSIs, or to any mod_dir activity (including auto-indexing). It does not cover the results of RewriteRules,* so you have to exempt those by name.


* Chiefly
RewriteRule ^paintings/(spare[cr]at)s/(\w+)\.html /paintings/$1s/$1links.php?page=$2 [L]

if anyone wondered. (I'm working with existing naming patterns.)
1:44 am on Mar 27, 2013 (gmt 0)

WebmasterWorld Administrator phranque is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month



shared hosting and therefore can't use <Directory> or <Location>


my bad - i didn't check allowable contexts for these before posting.


Order deny,allow

in order to make this functional for any type of access control you will also need Deny and/or Allow directives as required.
 

Featured Threads

My Threads

Hot Threads This Week

Hot Threads This Month