0

Hi,
I have a website and inside it I have an includes folder that contains *.inc.php files.
Website is using ajax and I dont want the files to be accessed directly,but only by my website , or at least dont allow external data sent to them.
Inside includes folder I have placed a .htaccess file and tried to add these codes one by one,but none of them did what I wanted.Sometimes files were unable to access by website,other times I could sent data via post from another website to a file inside the includes folder.
1.

Options -Indexes
Errordocument 403 /index.php
Errordocument 404 /index.php
<Files ~"\.php$">
Order deny,allow
Deny from all
Allow from sitename.com
</Files>

2.

Options -Indexes
Errordocument 403 /index.php
Errordocument 404 /index.php
SetEnvIf Referer  !^http://(www\.)?subdomain.domain\.eu/.*$ banned
<Limit GET POST PUT> 
order allow,deny 
allow from all
deny from banned
</Limit>

3.

Options -Indexes
Errordocument 403 /index.php
Errordocument 404 /index.php
<Limit GET POST PUT> 
order deny,allow 
deny from all 
allow from sitename.com
</Limit>
2
Contributors
1
Reply
2
Views
7 Years
Discussion Span
Last Post by nileshgr
0

Try this:

<FilesMatch "\.php$">
Order deny,allow
Deny from All
Allow from .sitename.com
</FilesMatch>

This is not going to work if the Apache server of your host or your own does not process .htaccess files OR does not allow FileInfo override.

For this problem, contact your host, or put this configuration in your httpd.conf / Virtualhost:

AccessFileName .htaccess
<Directory "/path/document-root">
AllowOverride FileInfo
</Directory>

More info on AllowOverride is here - http://httpd.apache.org/docs/2.2/mod/core.html#allowoverride

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.