stackoom
  简体   繁体   中英

Page 403 Forbidden for root directory for Deny from all in .htaccess

 原文  2023-01-29 08:48:17       apache/ .htaccess/ mod-rewrite/ url-rewriting/ friendly-url

Question

I have next .htaccess in root directory

RewriteEngine on
RewriteRule ^$ index.php [L]
Order Deny,Allow
Deny from all
<Files index.php>
Allow from all
</Files>

And get Page 403 Forbidden for www.example.com instead of www.example.com/index.php .

URL www.example.com/index.php is available.

Access to all files in the root directory is closed. These files are generated by scripts, the file names are unknown.

How to fix it?

1 answers

solution1
 1 ACCPTED  2023-01-29 10:02:06

 <Files index.php> Allow from all </Files>

Try the following instead:

<FilesMatch "^(index\.php)?$">
Allow from all
</FilesMatch>

UPDATE: Added missed anchors !

(Although I would assume you are on Apache 2.4, so you should be using the corresponding Require directives instead of Order , Deny and Allow .)

Alternatively, replace all you existing directives with the following:

DirectoryIndex index.php

RewriteEngine On
RewriteRule !^(index\.php)?$ - [F]

This allows access to both example.com/ and example.com/index.php . To block direct access to index.php then try the following instead:

RewriteRule ^[^/]+$ - [F]

mod_dir (ie. "DirectoryIndex") is processed after mod_rewrite. 

 RewriteRule ^$ index.php [L]

This rule is redundant, it should be handled by DirectoryIndex instead.

UPDATE:

RewriteRule.^(index?php),$ - [F] works. but I add RewriteRule?^(index2.php).$ - [F] for second file index2.php and It dont work... I am getting 403 error for www.example.com/index2.php.. . I need access to several files

By adding another rule it would end up blocking both URLs. Since one or other rule will always be successful.

You can use regex alternation in a single rule. For example:

RewriteRule !^(index\.php|index2\.php)?$ - [F]

The same regex could be used in the <FilesMatch> container above.

Or, if you have many such exceptions, it might be more readable to have multiple conditions . For example:

RewriteCond %{REQUEST_URI} !=index.php
RewriteCond %{REQUEST_URI} !=index2.php
RewriteCond %{REQUEST_URI} !=index3.php
RewriteRule !^$ - [F]

Note, however, like your original rule, this also blocks URLs in "subdirectories", not just the root directory.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question htaccess <Directory> deny from all Deny from all in subdirectory htaccess not overriding file rules in root htaccess .htaccess rewrite root directory forbidden if URI is directory, return 403 forbidden in htaccess htaccess <Directory> deny from all apache2 ubuntu .htaccess - Deny from all except index.php and current directory ./ Permission “deny from all” set from apache or htaccess doesn't give forbidden on require php htaccess redirect to different page on 403 Forbidden Error how to deny all unexcepted host headers 403 forbidden? Apache 2.4 .htaccess all directories give 403 Forbidden
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM