Title: config file access exception
Last modified: April 23, 2017

---

# config file access exception

 *  Resolved [joecodes](https://wordpress.org/support/users/joecodes/)
 * (@joecodes)
 * [9 years, 1 month ago](https://wordpress.org/support/topic/config-file-access-exception/)
 * I used the following to create an exception for a configuration file that actually
   does need to be accessed directly and it works fine:
    [https://wordpress.org/support/topic/how-add-a-directory-to-exception/](https://wordpress.org/support/topic/how-add-a-directory-to-exception/)
 * However, I don’t really want to disable all rules for this file but just want
   to disable the config access rule for the one file. Is it possible to do that?

Viewing 5 replies - 1 through 5 (of 5 total)

 *  Plugin Author [nintechnet](https://wordpress.org/support/users/nintechnet/)
 * (@nintechnet)
 * [9 years, 1 month ago](https://wordpress.org/support/topic/config-file-access-exception/#post-9060590)
 * Hi,
 * You can try to narrow your filter. For instance, if you only need to access the
   file using the `GET` method, then you could whitelist only if it is a `GET` method:
 *     ```
       <?php
       /*
        +===================================================================+
        | NinjaFirewall optional configuration file                         |
        |                                                                   |
        | See: http://nintechnet.com/ninjafirewall/wp-edition/help/?htninja |
        +===================================================================+
       */
   
       // Allow only if it is a GET request sent to the '/foo/bar/' folder:
       if (strpos($_SERVER['SCRIPT_FILENAME'], '/foo/bar/') !== FALSE &&
         $_SERVER['REQUEST_METHOD'] == 'GET' ) {
          return 'ALLOW';
       }
       ```
   
 * This is just an example, but you can basically add any code you want to the `.
   htninja` file.
 *  Thread Starter [joecodes](https://wordpress.org/support/users/joecodes/)
 * (@joecodes)
 * [9 years, 1 month ago](https://wordpress.org/support/topic/config-file-access-exception/#post-9061628)
 * Great. How about a specific rule like the following?
 *     ```
       if (strpos($_SERVER['SCRIPT_FILENAME'], '/foo/bar/') !== FALSE &&
         $rule == 310 ) {
          return 'ALLOW';
       }
       ```
   
 *  Plugin Author [nintechnet](https://wordpress.org/support/users/nintechnet/)
 * (@nintechnet)
 * [9 years, 1 month ago](https://wordpress.org/support/topic/config-file-access-exception/#post-9062205)
 * You cannot do that, because rules are processed after the `.htninja` file.
    If
   your issue is about rule 310, I recommend to disable it from the “Rules Editor”.
   It is not an important rule and disabling it will not put your site at risk.
 *  Thread Starter [joecodes](https://wordpress.org/support/users/joecodes/)
 * (@joecodes)
 * [9 years, 1 month ago](https://wordpress.org/support/topic/config-file-access-exception/#post-9062281)
 * Ok, that’s good to know. I may be going off topic a little, but at this point
   which is the greater threat, turning off rule 310 or whitelisting this one file?
   They both seem bad to me.
 *  Plugin Author [nintechnet](https://wordpress.org/support/users/nintechnet/)
 * (@nintechnet)
 * [9 years, 1 month ago](https://wordpress.org/support/topic/config-file-access-exception/#post-9064084)
 * None of them is a threat. I would disable rule 310, it will really not put your
   site at risk.

Viewing 5 replies - 1 through 5 (of 5 total)

The topic ‘config file access exception’ is closed to new replies.

 * ![](https://ps.w.org/ninjafirewall/assets/icon-256x256.png?rev=976137)
 * [NinjaFirewall (WP Edition) - Advanced Security Plugin and Firewall](https://wordpress.org/plugins/ninjafirewall/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/ninjafirewall/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/ninjafirewall/)
 * [Active Topics](https://wordpress.org/support/plugin/ninjafirewall/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/ninjafirewall/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/ninjafirewall/reviews/)

 * 5 replies
 * 2 participants
 * Last reply from: [nintechnet](https://wordpress.org/support/users/nintechnet/)
 * Last activity: [9 years, 1 month ago](https://wordpress.org/support/topic/config-file-access-exception/#post-9064084)
 * Status: resolved