4

1) My wp-content is hardened with a .htaccess file containing this code:

<Files *.php> 
deny from all
</Files>

2) I want (need) to authorize xml-sitemap-xsl.php Otherwise I get this error in my error log: client denied by server configuration: /home/user/mysite.net/wp-content/plugins/wordpress-seo/css/xml-sitemap-xsl.php, referer: http://mysite.net/sitemap_index.xml

3) I think I should add the following code but I’m not sure if it’s the right code nor where to place it:

<Files "xml-sitemap-xsl.php">
Allow from all
</Files>

The thing I want to avoid is a conflict between the deny and allow commands.

Thanks,

P.

Parneix
  • 327
  • 3
  • 6
  • 14

2 Answers2

9

This has not much to do with Wordpress and I am not an expert regarding .htaccess, but I believe that what your file is doing is not denying access to your directory by all .php files, rather, denying access to all the .php files inside the directory.

The <Files> directive is used to add specific rules to specific files and, as far as I know, it cascades.

Considering your comment, this should do the trick

<Files *.php> 
    deny from all
</Files>
<Files "xml-sitemap-xsl.php">
    Order Allow,Deny
    Allow from all
</Files>
Sunyatasattva
  • 5,619
  • 3
  • 27
  • 37
  • Hi. Thank you for your feeback. I appreciate it. Then my question should be: in Wordpress, how to denying access to all the .php files inside a directory, except for specific files and/or from specific client? – Parneix Feb 08 '13 at 19:50
  • This is not really a wordpress issue. I think using the .htaccess you posted should do the trick, before `Allow from all` put an `Order allow,deny`. I edited the answer. – Sunyatasattva Feb 08 '13 at 20:28
  • Hi. Thank you. I’ve implemented your solution. For future reference, where should I ask such a question? At the Webmasters StackExchange? – Parneix Feb 08 '13 at 21:41
  • Honestly I am not sure: Stackoverflow itself seems a good place. I am glad I could help. – Sunyatasattva Feb 09 '13 at 15:42
0

see: Deny direct access to all .php files except index.php

Community
  • 1
  • 1
edelwater
  • 2,650
  • 8
  • 39
  • 67
  • Too bad I could only check one. The reference you provided allowed me to confirm the solution see [here](http://stackoverflow.com/a/11711319/348567). Thanks! – Parneix Feb 08 '13 at 21:39