John Davidson

Message:

In my httpd-vhosts.conf, I am trying to do the following:

1. disallow any php scripts except index.php in the root directory (but not subdirectories)


2. disallow php scripts in root/wp-content

I have #2 working, but how can I do #1?

My current code is below. It does prevent *.php execution, but it also is including the subdirectories, which I need to have php working in. Note that root is C:\xampp\htdocs\installer_site

#installer_site



<VirtualHost *:80>

    DocumentRoot "C:\xampp\htdocs\installer_site"

    ServerName www.installer_site.loc



#disallow php scripts in root directory except for index.php (this is not working--it disallows php in the subdirectories)

        <DirectoryMatch "^C:\\xampp\\htdocs\\installer_site$">

            <FilesMatch "(?!^index\.php$)(^.*\.php$)">

                Order Deny,Allow

                Deny from All

            </FilesMatch>

        </DirectoryMatch>

    

#disallow php scripts in wp-content (this is working)

    <Directory "C:\xampp\htdocs\installer_site\wp-content">

        <FilesMatch "(?i)\.(php|php3?|phtml)$">

           Order Deny,Allow

           Deny from All

        </FilesMatch>

    </Directory>



</VirtualHost>

---

My Answer:
achieved this by adding the following rules to my httpd-vhosts.conf file:

apache


Order allow,deny
Deny from all





Order allow,deny
Deny from all




This configuration will disallow any PHP scripts in the root directory except for index.php, and it will also disallow PHP scripts in the wp-content directory. Make sure to replace "/path/to/root/directory" with the actual path to your root directory.