'Disallow php scripts except for index.php in root directory (but not subdirectories)
In my httpd-vhosts.conf, I am trying to do the following:
- disallow any php scripts except index.php in the root directory (but not subdirectories)
- disallow php scripts in root/wp-content
I have #2 working, but how can I do #1?
My current code is below. It does prevent *.php execution, but it also is including the subdirectories, which I need to have php working in. Note that root is C:\xampp\htdocs\installer_site
#installer_site
<VirtualHost *:80>
DocumentRoot "C:\xampp\htdocs\installer_site"
ServerName www.installer_site.loc
#disallow php scripts in root directory except for index.php (this is not working--it disallows php in the subdirectories)
<DirectoryMatch "^C:\\xampp\\htdocs\\installer_site$">
<FilesMatch "(?!^index\.php$)(^.*\.php$)">
Order Deny,Allow
Deny from All
</FilesMatch>
</DirectoryMatch>
#disallow php scripts in wp-content (this is working)
<Directory "C:\xampp\htdocs\installer_site\wp-content">
<FilesMatch "(?i)\.(php|php3?|phtml)$">
Order Deny,Allow
Deny from All
</FilesMatch>
</Directory>
</VirtualHost>
Solution 1:[1]
I found a solution, actually a question, that happened to fulfill my conditions. It used two .htaccess files.
One in the root:
<Files *.php>
Order Deny,Allow
Deny from all
</Files>
<Files index.php>
Order Allow,Deny
Allow from all
</Files>
One in the /wp-admin
<Files *.php>
Order Deny,Allow
Allow from all
</Files>
The end result is that:
- php doesn't work in the root
- except for index.php
- and php does work in wp-content
The issue was that php was being disallowed, not just in the root, but in subdirectories. The rule to allow php in wp-admin solved that issue.
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | Mike C |