Deny direct access to all .php files except index.php

by

Are you sure, you want to do that? Even css and js files and images and …?

OK, first check if mod_access in installed to apache, then add the following to your .htaccess:

Order Deny,Allow
Deny from all
Allow from 127.0.0.1

<Files /index.php>
    Order Allow,Deny
    Allow from all
</Files>

The first directive forbids access to any files except from localhost, because of Order Deny,Allow, Allow gets applied later, the second directive only affects index.php.

Caveat: No space after the comma in the Order line.

To allow access to files matching *.css or *.js use this directive:

<FilesMatch ".*\.(css|js)$">
    Order Allow,Deny
    Allow from all
</FilesMatch>

You cannot use directives for <Location> or <Directory> inside .htaccess files, though.

Your option would be to use <FilesMatch ".*\.php$"> around the first allow,deny group and then explicitely allow access to index.php.

Update for Apache 2.4:
This answer is correct for Apache 2.2. In Apache 2.4 the access control paradigm has changed, and the correct syntax is to use Require all denied.

More Related Contents:

  1. Htaccess blog slug Rewrite does not work
  2. Using .htaccess to make all .html pages to run as .php files?
  3. Create subdomains on the fly with .htaccess (PHP)
  4. Redirect all to index.php using htaccess
  5. How Can I Remove “public/index.php” in the URL Generated Laravel?
  6. HTTP authentication logout via PHP
  7. Seo Friendly URL results in CSS IMG and JS not working
  8. Htaccess: add/remove trailing slash from URL
  9. URL rewriting : css, js, and images not loading
  10. .htaccess rewrite GET variables
  11. Yii2 htaccess – How to hide frontend/web and backend/web COMPLETELY
  12. CodeIgniter htaccess and URL rewrite issues
  13. .htaccess RewriteRule to preserve GET URL parameters
  14. Getting a 500 Internal Server Error (require() failed opening required path) on Laravel 5+ Ubuntu 14.04
  15. PHP built in server and .htaccess mod rewrites
  16. Rerouting all php requests through index.php
  17. Change WordPress Admin URL
  18. .htaccess 301 redirect of single page
  19. Process HTML files like PHP
  20. mod_rewrite, php and the .htaccess file
  21. Using PHP/Apache to restrict access to static files (html, css, img, etc)
  22. laravel trailing Slashes redirect to localhost
  23. .htaccess mod_rewrite > 500 Internal Server Error
  24. Permission denied: /var/www/abc/.htaccess pcfg_openfile: unable to check htaccess file, ensure it is readable?
  25. How can I disable mod_security in .htaccess file?
  26. .htaccess Redirect non-WWW to WWW preserving URI string
  27. How to remove /public/ from a Laravel URL
  28. How Can I Remove “public/index.php” in the Laravel Url generated? [duplicate]
  29. How can I create custom SEO-friendly URLs in OpenCart?
  30. How can I create custom SEO-friendly URLs in OpenCart?

Leave a Comment