.htaccess fix for Apache 2.2 and 2.4
-
Hey guys,
First off, great plugin! I have an improvement request for future versions.
The .htacess file you place in the /wp-content/ folder is only Apache 2.2 compatible:
<Files *.php> deny from all </Files>
I know you’re aware because you have the following note in the admin:
Note: Apache/2.4 introduced new directives to configure the access level of certain resources in the server, for instance the rules applied to harden these directories will not work and will probably cause issues. We will not fix this because there is no accurate way to determine the exact version number of Apache installed in this server considering some security measures applied to its configuration that will prevent the version number to be readable by PHP, proceed with caution.
There is a fix though. You can use
IfModule
to test which one is installed.Something like this would work for both 2.2 and 2.4:
<Files ~ "^(.+)\.php$"> # Apache 2.2 <IfModule !mod_authz_core.c> Deny from all </IfModule> # Apache 2.4 <IfModule mod_authz_core.c> Require all denied </IfModule> </Files>
I know the the preferred use for regex is
FilesMatch
overFiles
, but I choseFiles
because this particular implementation is more compatible with certain branches of Apache, and should give you the most compatibility overall.Hopefully you can implement this in the next version to make your .htaccess files a bit more universal. Thanks!
– Scott
- The topic ‘.htaccess fix for Apache 2.2 and 2.4’ is closed to new replies.