Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
protect direct access to php files using mod rewrite
#1
It's currently possible to find out if a certain php file exist, regardless of the output.
What I'd like to point, is that it would be great to prevent direct access to php files using mod rewrite. 2 simple rules would allow only to access index.php

Code:
<FilesMatch "\.php$">
    Order Allow,Deny
    Deny from all
</FilesMatch>
<FilesMatch "index\.php$">
    Order Allow,Deny
    Allow from all
</FilesMatch>

The problem is that this solution cuts out the ability to administrate the website, because menu links in admin panel point directly to .php files.

Adding exceptions to allow rule makes it unusable.
Would you consider to change a little bit backend, to include admin php files rather than loading them directly, so htaccess could prevent direct access to all php files except index.php ?
Addons: blue business theme, Online Visitors, Notepad
Reply


Messages In This Thread
protect direct access to php files using mod rewrite - by yojoe - 2010-11-15, 08:50:10



Users browsing this thread: 1 Guest(s)