17 December 2021
This article looks at Apache’s Files and FilesMatch directives. Both are used to allow or deny access to files on your website.
The Files directive specifies a file, and inside the directive you define one or more actions. You can use this to deny access to a file. For instance, you might have a phpinfo.php file that contains lots of details about your website’s PHP configuration. You can block access to the file with this rule:
<Files "phpinfo.php"> Require all denied </Files>
Here, I used the same syntax I used in the article about denying access to an IP address. If you want to allow only a single IP address to access the file then you can add a Require ip rule:
<Files "phpinfo.php"> Require all denied Require ip 1.2.3.4 </Files>
You can do the same for other sensitive files, such as the wp-login.php and xmlrpc.php files on WordPress websites.
The FilesMatch directive lets you specify files using a regular expression. A good example is the WordPress Toolkit rule that denies access to PHP scripts in the wp-content/uploads directory:
<Directory "/home/example/public_html/wp-content/uploads"> <FilesMatch \.php$> Require all denied </FilesMatch> </Directory>
Note that the FilesMatch directive is nested inside a Directory tag. That means the rule is only valid inside the uploads directory. The regular expression is simply \.php$. As you can probably guess, that matches files with the extension .php.
If you are not familiar with regular expressions, the dot needs to be escaped because it has a special meaning: it matches any single character. The stroke escapes the dot, so that it is interpreted as a literal dot. The dollar sign is an anchor that denotes the end of the string.
In the same way you can deny access to specific PHP files. For instance, this rule denies access to wp-login.php and xmlrpc.php but allows access for the IP address 1.2.3.4:
<FilesMatch (wp-login|xmlrpc)\.php$> Require all denied Require ip 1.2.3.4 </FilesMatch>
By catalyst2 Team
To maintain a smooth operation of any online business or digital service you need a server that is efficient and that you can rely on. Here at catalyst2 we understand the challenges that businesses face daily; purely to keep their business alive so the challenges that are faced in addition to this when server issues …
By catalyst2 Team
Data is the foundation for businesses as it provides insights into customer behaviour and trends, as well as business performance and efficiency. So, businesses have the tools they need to make informed decisions and plan strategically. For businesses that are just starting out or that are smaller, data is a catalyst to help identify growth …
By catalyst2 Team
The word ‘server’ is frequently used in everyday discussions in IT departments within organisations, but unless you work in the tech industry, you might not be familiar with what it really means. A server is the backbone of all digital operations. It is there to manage tasks like data storage, processing requests, delivering content across …
By catalyst2 Team
While many businesses still have physical workspaces or brick-and-mortar stores, the importance of a digital presence shouldn’t be overlooked. In addition to using things like social media channels to boost your brand awareness and interact with your customers, having a website offers several benefits. In today’s digital world, the performance of your website is crucial …
By catalyst2 Team
More so than ever before, having a high-performing website is essential to the ongoing success of a business. Regardless of which industry you operate in, a website is a powerful tool that can improve brand recognition, drive growth and support customer engagement. Not to mention, it allows for online sales and can remove geographical barriers …
By catalyst2 Team
Regardless of which industry sector you operate in or what type of products and services you offer, having a website is non-negotiable in today’s digital world. More so than ever before, people turn to the internet to find businesses that can assist them with their specific needs and if you don’t have a website, you …
By catalyst2 Team
When it comes to website management, there is a key component that business owners often overlook; server management. Your website server plays a crucial role in your online presence, it facilitates the delivery of your web pages to users and without a server, your website simply wouldn’t be visible online. So, it’s crucial to ensure …
By catalyst2 Team
In the digital age, getting a website is more than just a way to build an online presence, it’s a vital business investment. Not only do large retail businesses need a website, but smaller local businesses can also benefit from taking their business online. Recognising this importance, many businesses are now dedicating significant resources towards …
By catalyst2 Team
In the fast-paced world of e-commerce, having a reliable website is an essential factor in success. Whether you also have a brick-and-mortar store or solely a digital shop, ensuring your website is performing at its best can have a direct impact on your bottom line. Factors such as website uptime, ease of navigation and speed …
By catalyst2 Team
Designing a website requires careful consideration and several reviews during the development stages to ensure everything is perfect. Once live, it can be easy to assume that no further updates are needed and your website will continue to perform well, however, this isn’t always the case. Regularly reviewing your website is essential to ensure its …
Great real person support – direct phone number, usually the same individual so any problems are handled by the same people. Excellent.
Cookie | Duration | Description |
---|---|---|
bcookie | 2 years | LinkedIn sets this cookie from LinkedIn share buttons and ad tags to recognize browser ID. |
bscookie | 2 years | LinkedIn sets this cookie to store performed actions on the website. |
lang | session | LinkedIn sets this cookie to remember a user's language setting. |
lidc | 1 day | LinkedIn sets the lidc cookie to facilitate data center selection. |
UserMatchHistory | 1 month | LinkedIn sets this cookie for LinkedIn Ads ID syncing. |
Cookie | Duration | Description |
---|---|---|
_ga | 2 years | The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors. |
_gat_gtag_UA_5562310_11 | 1 minute | Set by Google to distinguish users. |
_gid | 1 day | Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously. |
CONSENT | 2 years | YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data. |
Cookie | Duration | Description |
---|---|---|
_fbp | 3 months | This cookie is set by Facebook to display advertisements when either on Facebook or on a digital platform powered by Facebook advertising, after visiting the website. |
fr | 3 months | Facebook sets this cookie to show relevant advertisements to users by tracking user behaviour across the web, on sites that have Facebook pixel or Facebook social plugin. |
IDE | 1 year 24 days | Google DoubleClick IDE cookies are used to store information about how the user uses the website to present them with relevant ads and according to the user profile. |
test_cookie | 15 minutes | The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies. |
VISITOR_INFO1_LIVE | 5 months 27 days | A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface. |
YSC | session | YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages. |
yt-remote-connected-devices | never | YouTube sets this cookie to store the video preferences of the user using embedded YouTube video. |
yt-remote-device-id | never | YouTube sets this cookie to store the video preferences of the user using embedded YouTube video. |
Cookie | Duration | Description |
---|---|---|
_ashkii | session | No description available. |
_wicasa | 3 months | No description available. |
AnalyticsSyncHistory | 1 month | No description |
cookid | 3 months | No description available. |
cookietest | session | No description |
crisp-client/domain-detect/1644827320973 | session | No description |
crisp-client/domain-detect/1644827348275 | session | No description |
crisp-client/domain-detect/1644827428415 | session | No description |
crisp-client/domain-detect/1644827479357 | session | No description |
crisp-client/domain-detect/1644827596454 | session | No description |
crisp-client/domain-detect/1644827724838 | session | No description |
crisp-client/domain-detect/1644827824383 | session | No description |
crisp-client/domain-detect/1644827878659 | session | No description |
crisp-client/domain-detect/1644828716243 | session | No description |
crisp-client/domain-detect/1644828846246 | session | No description |
crisp-client/domain-detect/1644829369013 | session | No description |
crisp-clientsession30cc6953-ebcf-4bc6-b649-c44eb446409e | 6 months | No description |
dbmFP | 3 months | No description available. |
dbmPK | 3 months | No description available. |
li_gc | 2 years | No description |