I spent my evening on this problem and I did not find how to solve/bypass it 🙁
I have in "mydomain.com/admin/" a .htaccess file with the following :
<Files ~ "[^index]\.php$">
Order Allow,Deny
Deny from All
</Files>
The goal of this .htaccess is to protect all the included files, as inc/config.php for example, from being directly called.
My problem is that I wish to make an exception for a notification php file used by paypal.
In other word, I have a file "mydomain.com/admin/paypal/notify.php" and I wish to allow paypal.com to execute it.
I tried tenth of things, as adding a "Files" authorization in the .htaccess
<Files /admin/paypal/notify.php>
Order Deny,Allow
Deny from all
Allow from paypal.com
</Files>
But succesless 🙁
… as if
<Files ~ "[^index]\.php$">
was the only followed rule.
Best Answer
<Files filename> only apply to a filename, you cannot use a path with it.
The Files directive documentation states:
Possible Solution:
In the directory admin/paypal, create an .htaccess with:
Edit: reversed Deny and Allow.