Home / server / Questions / 372643
Accepted
Kashif
Asked: 2012-03-23 22:06:26 +0800 CST

block php file access (modsecurity)

  • 772

How can I block all access to a PHP file? File name is similar to sm6######.php where #### can be any random digit.

How can I do it using mod_sec?

apache-2.2 mod-security

2 Answers

  1. This sounds like a suitable situation for the <FilesMatch > directive, no need for mod_security at all.

    <FilesMatch sm6[0-9]+\.php>
  Order Allow,Deny
  Deny from all
</FilesMatch>

    Of course, if you don't want anyone to access the file, why not delete it or move it out of the DocumentRoot ?

    If you edit your question to include more about who shouldn't be able to access the file I'll update my answer to match.

    • 6
  2. Best Answer
    SecRule REQUEST_LINE "@rx sm6[0-9]{1,}\.php" \
"phase:2,block,severity:2,msg:'Blocking access to sm6#.php files.'"
    • 4