How to Restrict Direct Access to PHP Files, Except for Index.php, Using .htaccess?

Restricting Direct Access to PHP Files

To prevent unauthorized access to all PHP files in a directory except for index.php, you can implement security measures using Apache's .htaccess file.

Configuring .htaccess:

1. Open or create a .htaccess file in the root directory where the PHP files reside.
2. Add the following directives:

Order Deny,Allow
Deny from all
Allow from 127.0.0.1

<Files /index.php>
    Order Allow,Deny
    Allow from all
</Files>

Explanation:

• Order Deny,Allow: By default, access is denied to all files. This directive reverses that order to allow access to specific files explicitly.
• Deny from all: Initially, access is denied from all IP addresses.
• Allow from 127.0.0.1: This allows access only from the local host, which is typically the only allowed IP address that should access these PHP files directly.
• directive: You can also use regular expressions to match and specify exceptions to the access restrictions. For example, to allow access to .css and .js files:

<FilesMatch ".*\.(css|js)$">
    Order Allow,Deny
    Allow from all
</FilesMatch>

Caution:

• Do not leave any spaces after the commas in the Order directives.
• This approach does not protect against directory browsing or access to non-PHP files.
• Carefully consider the security implications of allowing access even from localhost, as attackers could use local privilege escalation techniques to access these files.

The above is the detailed content of How to Restrict Direct Access to PHP Files, Except for Index.php, Using .htaccess?. For more information, please follow other related articles on the PHP Chinese website!