I need to prevent direct access of all the php files but allow only files pass.php

how can i do that

<Files ~ ".php$">
Order allow,deny
Deny from all
Allow from 127.0.0.1
</Files>
the code only allow access to localhost.

now what if i want to allow access only to

https://www.eexample.com/record/pass.php

is it like this

<Files ~ ".php$">
Order allow,deny
Deny from all
Allow from https://www.example.com/record/pass.php
</Files>

Have you tried using 2 Files directives? One to restrict access to all *.php files and then one to allow access to only one?

<Files ~ ".php$">
Order allow,deny
Deny from all
</Files>
<Files "pass.php">
Order allow,deny
Allow from all
</Files>

Member Avatar

diafol

You should also store your sensitive include files above the docroot.

my web directory is as follows.where do i upload the file assuming my file is in folder called upload
/home
     /etc
     /public_html------->docroot
     /public_ftp
     /temp
     /www


 Do i also have to password all the directory. what about file permissions starting from /home down to /www    
Member Avatar

diafol

files above the docroot shouldn't be able to be accessed from the browser, only from same-domain files AFAIK.

Member Avatar

LastMitch

my web directory is as follows.where do i upload the file assuming my file is in folder called upload

@mutago

It really depends on how your host server structure. Not all host server work a like. I used go-daddy I know things I do on there will not work on other host for example using apache code and compression files and etc ...