Disable a file execution inside a folder .htaccess rule

Question

I have a site where I want to disable certain extensions of file execution just for that folder.

EG: www.yoursite.com/cache/test.php

should not be executed.

I tried this code :

<FilesMatch "\.(htaccess|htpasswd|ini|phps|fla|psd|log|sh|zip|exe|pl|jsp|asp|htm|sh|cgi|py|php)$">
  Order Allow,Deny
  Deny from all
</FilesMatch>

But this stopped my sites functionality.

I just want this rule to be applied inside cache folder but I can not place the .htaccess file inside because this folder is regularly cleared.

score 4 · Answer 1 · answered Aug 14 '12 at 10:31

4

Try adding this line to you root .htaccess file :

RewriteRule ^cache/.*\.(htaccess|htpasswd|ini|phps?|fla|psd|log|sh|zip|exe|pl|jsp|asp|htm|sh|cgi|py)$ - [F]

The flag will result in displaying a 403 Forbidden Error

answered Aug 14 '12 at 10:31

Oussama Jilal

2

This one works pervectly. But make sure you placed it before RewriteCond %{REQUEST_FILENAME} !-d and RewriteCond %{REQUEST_FILENAME} !-f or existing files will still be executed – Swayok Sep 06 '13 at 13:37

Lix · Accepted Answer · 2012-08-14T10:40:54.250

All you have to do is place that .htaccess file within that specific cache folder.

.htaccess files provide a way to make configuration changes on a per-directory basis.

Placing that rule in your .htaccess file in the root of your website will enable those rules on your entire site.

If you want this rule to be enabled from outside that cache folder, you might want to try this rule in your main .htaccess file -

RewriteEngine On
RewriteRule ^cache/.*\.(htaccess|htpasswd|ini|...)$ /access_denied.php

The rule tests to see if the requested file's

If those conditions are all met, it passes that call to the access_denied.php script where you could display an appropriate error message.

but when I clean the cache folder that file also gets deleted is there any other rule which can disable this execution — Niraj Chauhan, Aug 14 '12 at 10:11

2 Answers2