Apache .htaccess

Examples

Prevent PHP-Directory Access

The usage of a special PHP-include directory is a common implementation paradigm.
But you don't want anyone to have access to that directory except the program/application. This snippet prevents the access to the directory file with extension php.

1. Enable Mod Rewrite, this is only required once in each .htaccess file

RewriteEngine On RewriteBase /

1. Test for access to the include directory

RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /phpinclude/.*$ [NC]

1. Test that file requested has php extension

RewriteCond %{REQUEST_FILENAME} ^.+\.php$

1. Forbid Access

RewriteRule .* - [F,NS,L] </syntaxhighlight>

Line 01-03: Needs to be set once and enables the RewriteCond and RewriteRule.
Line 05-06: Tests case insensitive ([NC]=No Case) if the directory is ../phpinclude at the end ($).
Line 08-09: Tests if the file name has the extension .php at the end ($).
Line 11-12: Forbids access to the found file.
- F: Returns a 403 FORBIDDEN response to the client browser.
- NS: Causes a rule to be skipped if the current request is an internal sub-request.
- L: Stop the rewriting process immediately and don't apply any more rules.

Source: https://httpd.apache.org/docs/current/mod/mod_rewrite.html ^[2]

Reference

top

↑ Queness htaccess, Queness.com htaccess post Tips and Tricks.
↑ ^2.0 ^2.1 Apache Docs, Description mod_rewrite module: Rewrite(s) condition and rules.

[1] Queness htaccess, Queness.com htaccess post Tips and Tricks.

[apache-docs-2] 2.0 ^2.1 Apache Docs, Description mod_rewrite module: Rewrite(s) condition and rules.

[1]

[2]

Apache .htaccess

Contents

Examples

Prevent PHP-Directory Access

See also

Reference

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Tools