I am using htaccess to deny access to my php-files. Nevertheless I need some of them called from outside, e.g. index.php
I came up with
<Files a_string_a.php>
Order Allow,Deny
Allow from all
</Files>
Works as expected, I can use the file. But I have several files. I want to avoid to write for every files such a block. Is there a chance to explain htaccess that it shall give access to all files that matches
..._string_.....PHP? (containing a unique string no matter what else is in the filename)
I am pretty sure there is a RegExpress for this but I am kinda lost and not sue how to integrate this into htacess - thank you for a tip.
Maybe like this:
<FilesMatch "(index|foo|bar)\.php$">
Order Allow,Deny
Allow from all
</FilesMatch>
And add any file basename with a | (regex or).
See https://httpd.apache.org/docs/2.4/mod/core.html#filesmatch
..._string_.....PHP? (containing a unique string no matter what else is in the filename)
You may be able to use this FilesMatch directive with a regex:
<FilesMatch "(?i)^.*_string_.*\.php$">
Order Allow,Deny
Allow from all
</FilesMatch>
RegEx Details:
(?i): Enable ignore case matching
^: Start
.*: Match 0 or more of any characters
_string_: Match _string_
.*: Match 0 or more of any characters
\.php: Match .php
$: End
Related
Currently we have:
# ----------------------------------------+++++----
<FilesMatch "(?i)(\.tpl|.twig|\.ini|\.log|\.txt)">
Require all denied
</FilesMatch>
But we need to allow robots.txt and ads.txt.
How to achieve that?
Try this:
(?i)(\.tpl|.twig|\.ini|\.log|(?<!robots|ads)\.txt)$
(?<!robots|ads)\.txt not robots or ads followed by .txt.
$ the end of the line/string.
See regex demo
I'm looking for a solution with htaccess to block access to files that contains the word "scheduleBackup" (case sensitive).
I tried this but it does not work :
<filesMatch "/scheduleBackup/i">
Order allow,deny
Deny from all
</FilesMatch>
Thanks in advance for your help.
I finally found the answer :
<FilesMatch "_scheduleBackup_full_">
Order allow,deny
Deny from all
</FilesMatch>
Now it works !
Try this instead:
<FilesMatch "/website\.com_scheduleBackup_full_\d{4}-\d{2}-\d{2}_.+?\.zip/">
Order allow,deny
Deny from all
</FilesMatch>
i means insensitive case.
To block access to any file with scheduleBackup (ignore case) text you can use this code in your DOCUMENT_ROOT/.htaccess file:
RewriteEngine On
RewriteRule scheduleBackup - [F,NC]
I have the following .htaccess file on our xxx.yyy.edu site, in the root.
<FilesMatch "(.+)\.php">
AuthType shibboleth
ShibRequestSetting requireSession 1
ShibUseHeaders On
Require valid-user
ShibRequestSetting redirectToSSL 443
</FilesMatch>
This should only match files that end in .php, and match all files that end in .php, then force authentication. That part of it appears to work fine.
However, it also matches the root url, http://xxx.yyy.edu and http://xxx.yyy.edu/. Which isn’t a good thing, since it is forcing the root of the site to be authenticated.
It does not match xxx.yyy.edu/index.htm, or any other url that has anything after the domain name, like xxx.yyy.edu/students.htm or even xxx.yyy.edu/x
I’ve tested it in www.regexr.com, and it does not match the root url there.
Any thoughts/suggestions appreciated.
You are getting authentication dialog because on your landing page default page is set to index.php.
Have this FilesMatch with negative lookahead to avoid index.php from authentication:
<FilesMatch "^(?!index\.php$).+?\.php$">
AuthType shibboleth
ShibRequestSetting requireSession 1
ShibUseHeaders On
Require valid-user
ShibRequestSetting redirectToSSL 443
</FilesMatch>
Sounds like perhaps it is matching the newline with the "dot" (a la XRegExp). Try something like \w+:[\d\w\s\./]+\.php.
In my htaccess, I only allow specific filenames to be accessed, until now.
I need to match a filename like this:
some-364-file-name-12345.htm
or
some-364-file-name-123456.htm
crude attempt of dozens
<FilesMatch "^[a-Z0-9]\d{5}/.htm$">
## but need yada-yada-5 OR 6 digits followed by .htm
Order allow,deny
allow from all
</FilesMatch>
My existing is this:
<FilesMatch "(index.html|robots.txt|sitemap.xml|subscribe.htm)$">
Order allow,deny
allow from all
</FilesMatch>
CAN I ACTUALLY add the solution to my existing line?
So, being very unfamiliar with regex, although I have been trying all day and can't figure this out, how can I allow the pages I have:
some-file-name-312-33-12345.htm
some-33-333-file-name-654321.htm
I just want to match all alpha numeric (also dashes) followed by a 5 or 6 digit number .htm
I need a guru as 6 hours of reading and attempting has brought me here.
Thanks...
Try this regex:
<FilesMatch "\d{5,6}\.html?$">
As the title says, I would like to exclude from apache execution all php files but not some of them that I know to be "legal".
I've tried with [^(file1|file2|file3|...|filen)|(\*)].[(php)|^(\*)] but it seem to match only the last character of the file inside ()
I've also tried with negative lookahead but with no result.
Could someone point me in the right direction?
Edit: Obviously I use Deny from all under that expression
<Files> allows a regex use with ~ operator but <FilesMatch> should be preferred:
<FilesMatch '\.php$'>
Deny from all
</FilesMatch>
<FilesMatch '(file1|file2|file3)\.php$'>
Allow from all
</FilesMatch>
Official Doc says:
Regular expressions can also be used, with the addition of the ~
character. For example:
<Files ~ "\.(gif|jpe?g|png)$">
#... </Files>
would match most common Internet graphics formats. <FilesMatch> is
preferred, however.