How to set a list of allowed PHP files?

M

Maxim Alekhin2016-07-07 10:02:15

PHP

Maxim Alekhin, 2016-07-07 10:02:15

How to set a list of allowed php files to run in .htaccess?
All others should be blocked, not run or redirected.
Example, allow:
/index.php, /chat/index.php, /forum/index.php, /admin/index.php (and those via include)
Any others - disable.
There are tens of thousands of folders, please do not offer in each folder.

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

A

Alexander Ablizin, 2016-07-07
@Settler1

This .htaccess from October CMS might point the way

<IfModule mod_rewrite.c>

    <IfModule mod_negotiation.c>
        Options -MultiViews
    </IfModule>

    RewriteEngine On

    ##
    ## You may need to uncomment the following line for some hosting environments,
    ## if you have installed to a subdirectory, enter the name here also.
    ##
    # RewriteBase /

    ##
    ## Black list protected files
    ##
    RewriteRule ^themes/.*/(layouts|pages|partials)/.*.htm index.php [L,NC]
    RewriteRule ^bootstrap/.* index.php [L,NC]
    RewriteRule ^config/.* index.php [L,NC]
    RewriteRule ^vendor/.* index.php [L,NC]
    RewriteRule ^storage/cms/.* index.php [L,NC]
    RewriteRule ^storage/logs/.* index.php [L,NC]
    RewriteRule ^storage/framework/.* index.php [L,NC]
    RewriteRule ^storage/temp/protected/.* index.php [L,NC]
    RewriteRule ^storage/app/uploads/protected/.* index.php [L,NC]

    ##
    ## White listed folders and files
    ##
    RewriteCond %{REQUEST_FILENAME} -f
    RewriteCond %{REQUEST_URI} !\.js$
    RewriteCond %{REQUEST_URI} !\.map$
    RewriteCond %{REQUEST_URI} !\.ico$
    RewriteCond %{REQUEST_URI} !\.jpg$
    RewriteCond %{REQUEST_URI} !\.jpeg$
    RewriteCond %{REQUEST_URI} !\.bmp$
    RewriteCond %{REQUEST_URI} !\.png$
    RewriteCond %{REQUEST_URI} !\.gif$
    RewriteCond %{REQUEST_URI} !\.svg$
    RewriteCond %{REQUEST_URI} !\.css$
    RewriteCond %{REQUEST_URI} !\.less$
    RewriteCond %{REQUEST_URI} !\.scss$
    RewriteCond %{REQUEST_URI} !\.pdf$
    RewriteCond %{REQUEST_URI} !\.swf$
    RewriteCond %{REQUEST_URI} !\.txt$
    RewriteCond %{REQUEST_URI} !\.xml$
    RewriteCond %{REQUEST_URI} !\.xls$
    RewriteCond %{REQUEST_URI} !\.eot$
    RewriteCond %{REQUEST_URI} !\.woff$
    RewriteCond %{REQUEST_URI} !\.woff2$
    RewriteCond %{REQUEST_URI} !\.ttf$
    RewriteCond %{REQUEST_URI} !\.flv$
    RewriteCond %{REQUEST_URI} !\.wmv$
    RewriteCond %{REQUEST_URI} !\.mp3$
    RewriteCond %{REQUEST_URI} !\.ogg$
    RewriteCond %{REQUEST_URI} !\.wav$
    RewriteCond %{REQUEST_URI} !\.avi$
    RewriteCond %{REQUEST_URI} !\.mov$
    RewriteCond %{REQUEST_URI} !\.mp4$
    RewriteCond %{REQUEST_URI} !\.mpeg$
    RewriteCond %{REQUEST_URI} !\.webm$
    RewriteCond %{REQUEST_URI} !\.mkv$
    RewriteCond %{REQUEST_URI} !\.rar$
    RewriteCond %{REQUEST_URI} !\.zip$
    RewriteCond %{REQUEST_URI} !docs/.*
    RewriteCond %{REQUEST_URI} !themes/.*
    RewriteRule ^ index.php [L,NC]

    ##
    ## Standard routes
    ##
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteRule ^ index.php [L]

</IfModule>

D

devian3000, 2016-07-07
@devian3000

in every folder. The path will be in the GET PATH parameter.
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ /index.php?path=$1 [NC,L,QSA]
Here's a StackOverflow link for the first google query.
stackoverflow.com/questions/18406156/redirect-all-...