Member Avatar for nevergone

Hi,
I have a website and inside it I have an includes folder that contains *.inc.php files.
Website is using ajax and I dont want the files to be accessed directly,but only by my website , or at least dont allow external data sent to them.
Inside includes folder I have placed a .htaccess file and tried to add these codes one by one,but none of them did what I wanted.Sometimes files were unable to access by website,other times I could sent data via post from another website to a file inside the includes folder.
1.

Options -Indexes
Errordocument 403 /index.php
Errordocument 404 /index.php
<Files ~"\.php$">
Order deny,allow
Deny from all
Allow from sitename.com
</Files>

2.

Options -Indexes
Errordocument 403 /index.php
Errordocument 404 /index.php
SetEnvIf Referer  !^http://(www\.)?subdomain.domain\.eu/.*$ banned
<Limit GET POST PUT> 
order allow,deny 
allow from all
deny from banned
</Limit>

3.

Options -Indexes
Errordocument 403 /index.php
Errordocument 404 /index.php
<Limit GET POST PUT> 
order deny,allow 
deny from all 
allow from sitename.com
</Limit>
  • 2 Contributors
  • 1 Reply
  • 74 Views
  • 2 Days Discussion Span
  • Latest Post Latest Post by nileshgr
Member Avatar for nileshgr

Try this:

<FilesMatch "\.php$">
Order deny,allow
Deny from All
Allow from .sitename.com
</FilesMatch>

This is not going to work if the Apache server of your host or your own does not process .htaccess files OR does not allow FileInfo override.

For this problem, contact your host, or put this configuration in your httpd.conf / Virtualhost:

AccessFileName .htaccess
<Directory "/path/document-root">
AllowOverride FileInfo
</Directory>

More info on AllowOverride is here - http://httpd.apache.org/docs/2.2/mod/core.html#allowoverride

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.