0

I want to deny direct access to all files, except one: go.php.

I've read this question, but in my case it doesn't work because I send also a GET parameter.

That means that all files should be denied, except when trying to go to www.domain.com/go.php?code=xyz123.

My code now:

Order Allow,Deny
deny from all
allow from [my IP here]

<FilesMatch "go.php">
    Allow from all
</FilesMatch>

How can I fix it?

Thanks!

EDIT 1

I updated the code to:

<Files go.php>
Allow from all
</Files>

Now it does allow if the url is domain.com/go.php?code=123. The thing is that I use pretty URLs with this rewrite condition:

RewriteRule ^go/([a-z0-9]+)$                /go.php?code=$1
RewriteRule ^go/([a-z0-9]+)/$               /go.php?code=$1

So, the above Files code does not work if the url is domain.com/go/123. How to fix this?

Community
  • 1
  • 1
Aviel Shomron
  • 41
  • 5
  • You _could_ implement that based on a `RewriteCond` looking for the GET parameter and a `RewriteRule` redirecting everything else to an error document. But this is a strange concept, access control via a GET parameter... – arkascha Jan 28 '17 at 16:14
  • I don't mind that people would access `go.php` becuase by the php file, is there's no `code` GET parameter, you just get redirected to the 404 page. So basically what I need is the code to write in the `FilesMatch`, becuase just `go.php` does not work with the GET parameter. – Aviel Shomron Jan 28 '17 at 16:17
  • @MagnusEriksson Please see my question edit :) – Aviel Shomron Jan 28 '17 at 16:47

2 Answers2

1

Since this is just one specific file, you don't need FilesMatch, but can use Files instead

<Files go.php>
...
</Files>

Rewriting from /go/123 to /go.php?code=123 is a classic. You capture the part for the query string and use it in the substitution

RewriteRule ^go/(.+)$ /go.php?code=$1 [L]

I didn't expect <Files go> or <FilesMatch go> to work, because "/go/123" isn't a file in the strict sense.

So despite my ignorance an additional 

<Files go>
Allow from all
</Files>

works.

As an alternative, you can use If and check for the requested URL path

<If "%{REQUEST_URI} =~ m,^/go/,">
Allow from all
</If>
Olaf Dietsche
  • 72,253
  • 8
  • 102
  • 198
  • This one works, but doesn't work with my pretty url format. I have: `RewriteRule ^go/([a-z0-9]+)$ /go.php?code=$1`. If I go to `domain.com/go.php?code=123` it does work, but doesn't work with `domain.com/go/123`. – Aviel Shomron Jan 28 '17 at 16:35
  • These are two different and independent things. 1. `Files/FilesMatch` is for restricting the access control to a specific (set of) files 2. `RewriteRule` is for rewriting from one URL to another. – Olaf Dietsche Jan 28 '17 at 16:40
  • Yeah I know that, but I meant to ask another thing. the Files code you gave me allow access to `domain.com/go.php?code=123` but not if the url is a pretty url: `domain.com/go/123`. I just edited my question to explain my problem better. – Aviel Shomron Jan 28 '17 at 16:43
  • I just tried this combination in my test environment, and I have no such problem. When I enter `/go/123`, it calls the go.php script as expected. What doesn't work in your environment, and what is the output? – Olaf Dietsche Jan 28 '17 at 16:56
  • @AvielShomron - You might want to be more specific in your question to begin with, instead of moving the goal post after you get a working answer to the initial question. – M. Eriksson Jan 28 '17 at 16:57
  • @OlafDietsche, It takes me to the 403 Forbidden Page, and says: `You don't have permission to access /go/123 on this server.` – Aviel Shomron Jan 28 '17 at 17:06
  • @AvielShomron Ok, you're right, it seems I messed up my first test. – Olaf Dietsche Jan 28 '17 at 17:19
0

Problem solved:

<FilesMatch "go|go.php">
    Allow from all
</FilesMatch>

Thank you all!

Aviel Shomron
  • 41
  • 5