Allowing access to joomla page for ip’s in ‘deny from’

.htaccessjoomla

I notice that my .htaccess file contains

<Files 403.shtml>
order allow,deny
allow from all
</Files>

Which allows the 403 error page, 403.shtml, to be viewed by addresses that are specified on a "deny from" line.

Rather than showing an error page, I would just like to show the home page of the (SEF-enabled joomla) site (not any other pages). My feeble attempt was:

<directory />
order allow,deny
allow from all
<directory>

But that just made the server unhappy.

What is the correct way to do this?

Best Answer

Wrap your Deny directives in a Limit block, so that the 403 only kicks in when the spammer sends a POST request.

<Limit POST>
    Deny from 192.0.2.0/24
    Deny from 10.0.2.1
    # etc
</Limit>

This can be done either in the current location of the Deny directives (the htaccess file) or in your <Directory /> block.

Related Solutions

Security – allowing index access only with .htaccess

Maybe you are thinking to complicated, just deny all access and then allow access to index.php and the folder itself. For example:

Order allow,deny
Deny from All

<FilesMatch "^(index\.php)?$">
        Allow from All
</FilesMatch>

If you don't even want http://doma.in/folder/ to work you can replace the FilesMatch directive with Files index.php. Keep in mind that it depends on your DirectoryIndex directive what file will be displayed when accessing a folder without filename.

Edit: To answer the question in your comment, I think you will need a more powerfull .htaccess using mod_rewrite. You can't use Directory and DirectoryMatch in a .htaccess file accordingly to the Apache documentation. Because the request is being denied before the RewriteRule can add a trailing slash you can't add the trailing slash with mod_write.

<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_FILENAME} !/index\.php$
    RewriteRule ^.*$ - [F]
</IfModule>

<IfModule !mod_rewrite.c>
    Order allow,deny
    Deny from All
</IfModule>

Security – .htaccess to deny access to most xml files

The FilesMatch line has an extra "<". It should be:

<FilesMatch "(?!sitemap)\.xml$">

Best Answer

Related Solutions

Security – allowing index access only with .htaccess

Security – .htaccess to deny access to most xml files

Related Topic