Hi, I was wondering if someone could help me out here. I am super-paranoid, so am trying to limit what PHP files can be executed on this server. I have a small list of files that I want to allow. The rest, deny:
<Files ~ "\.(php|php3)$">
order allow,deny
deny from all
</Files>
I want to then allow the execution of a few PHP files in a specific directory:
<Directory "/var/www/html/forums">
<Files ~ "forummain.php$">
order allow,deny
allow from all
</Files>
<Files ~ "index.php$">
order allow,deny
allow from all
</Files>
</Directory>
My problem is that the ALLOW FROM ALL statements in the above FILE sections allow anyone in, even if they are denied in the root directory .htaccess, or in the root directory's httpd.conf LIMIT. So that's not what I really want. I just want those 2 php files to be executable IF you're not otherwise locked out elsewhere. Does anyone know how I should configure this to work right?
Thanks