Block index.php everywhere except in the root directory with .htaccess

Question

I have a folder structure like this:

subdir
|_ subsubdir
  |_ index.php
  |_ other_stuff.php
  |_ images
    |_ pic.jpg
.htaccess
config.ini
index.php

Content of the .htacces file:

Options +FollowSymLinks -MultiViews -Indexes

Order Deny,Allow
<FilesMatch "(\.ini$)|(\.php$)|(^\.)">
    Deny from all
</FilesMatch>
<Files index.php>
    Allow from all
</Files>

My goal is to keep users from viewing subdir/subsubdir/index.php (and all other *.php files, no matter where, but this works already) but allow them to see the index.php in the root directory.

Currently, the user is obviously still able to see subdir/subsubdir/index.php, because all files named "index.php" are allowed, but I have no idea how to allow just the one in the root directory and deny all others. I have tried different things but endet up either completely denying or allowing them all.

I feel like this should be a very easy task but I just can't figure it out.

Things I have tried:

<FilesMatch "\.\/index\.php">
    Allow from all
</FilesMatch>

---

<FilesMatch "^index\.php$">
    Allow from all
</FilesMatch>

---

<Files ./index.php>
    Allow from all
</Files>

---

<Files /index.php>
    Allow from all
</Files>

score 4 · Accepted Answer · answered Mar 06 '15 at 21:32

4

Comment out both FilesMatch blocks:

And use this code:

RewriteEngine On

RewriteCond %{REQUEST_URI} !^/index\.php$ [NC]
RewriteRule ^\.|\.(ini|php)$ - [F,NC]

answered Mar 06 '15 at 21:32

anubhava

664,788
59
469
547

1

This works! Didn't think of using mod_rewrite for this... Seems so obvious now. Thank you for the quick answer! – Marc Eickhoff Mar 06 '15 at 21:40

Block index.php everywhere except in the root directory with .htaccess

1 Answers1