I've been experimenting with the FilesMatch Directive. During my first attempt, I discovered that my default rules (rulesets 1 & 2) didn't allow me to access www.test.com/
but did allow me to access www.test.com/index.php
I presumed this was because the file "/"
hit ruleset 1 but not ruleset 2 and so got blocked. I therefore put ruleset 3 in place and everything seems to be working now. I just wanted to ask if anyone had any advice on implementing this directive, and whether or not I've gone about it the correct way?
#Ruleset1
<FilesMatch "^.*$">
Order Deny,Allow
Deny from all
</FilesMatch>
#Ruleset2
<FilesMatch "^.*\.(css|html?|js|pdf|txt|xml|xsl|gif|ico|jpe?g|png|php?)$">
Order Deny,Allow
Allow from all
</FilesMatch>
#Ruleset3
<FilesMatch "">
Order Deny,Allow
Allow from all
</FilesMatch>
This likely isn't working as you're intending.
Your last match effectively overrides the other rules and allows all requests;
""
will always match everything (as will your first section,"^.*$"
).Just using
<FilesMatch>
seems like the wrong approach for what you're going for, but can you clarify what you're trying to achieve?Edit:
Something like this should function for both cases: