0

I have a wordpress theme which calls a dynamic css file called frontend.css.php which is located at wp-content/my-theme/assets/dynamic/frontend.css.php

For security purpose, i've obviously protected my wp-content excluding php files and allowing specific files format. This is the following htaccess

https://www.wpexplorer.com/htaccess-wordpress-security/ Part 3 wp-content section

I've tried different alternatives to try to still allow these file format, keep excluding php files from being accessible BUT allow the frontend.css.php file, as it returns error 403 because it's a php file.

Any idea how i could add to this htaccess frontend.css.php to the list of allowed files (and only that php file)

Thanks

Community
  • 1
  • 1
Awman
  • 1
  • 1
  • Have you tried the top answer here? https://stackoverflow.com/a/8732339/1633746 . They use mod_setenvif instead of a Files block for excluding specific files. – craig May 06 '18 at 01:14
  • Just tried but i stil legt errors. Maybe because it's a htaccess located physically in wp-content and not the main folder htaccess. – Awman May 06 '18 at 02:04
  • How about this? This could help you - https://stackoverflow.com/questions/1340001/deny-direct-access-to-all-php-files-except-index-php/11711319#11711319 – Haris May 07 '18 at 08:52

1 Answers1

0

thanks for the answer.

I found the solution so i'll post it here in cas someone try to achieve something similar. I need to write the file outside the parenthesis and append it like if it was also in parenthesis.

Order deny,allow
Deny from all
<Files ~ "frontend.css.php|.(xml|css|js|jpe?g|png|gif|ttf|woff|otf|pdf|docx|rtf|odf|zip|rar|mp4|vp9|mkv|mp3|aac|wav|flac)$">
Allow from all
</Files>
Awman
  • 1
  • 1