Only allowing images in a directory using .htaccess

Hello,

I’m hoping to secure a directory using .htaccess so it will only serve image files and not PHP etc.

I found this:


<Files ^(*.jpeg|*.jpg|*.png|*.gif)>
   order deny,allow
   deny from all
</Files>

but it didn’t work, I can still execute PHP.

Any idea what I need?

Cheers,

Jon
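An added example, not part of any post in this thread: an allowlist .htaccess for an images-only directory, with the reasons the snippet above has no effect given in the comments. It assumes Apache 2.4 with AllowOverride permitting these directives, and that PHP is mapped by extension through mod_mime or mod_php; the extension lists are illustrative.

```apache
# .htaccess for an images-only directory (added example, assumes Apache 2.4).

# Why the snippet in the post does nothing useful:
#   1. <Files> takes a shell-style wildcard unless the pattern is prefixed
#      with "~", so ^(*.jpeg|*.jpg|...) is never evaluated as a regex.
#   2. Even as a regex, "deny from all" inside that block would block the
#      images, not everything else.

# Layer 1: deny every request by default ...
Require all denied

# ... then allow only names that END in an image extension.
# The trailing $ matters: without it "shell.jpg.php" would also match.
<FilesMatch "(?i)\.(jpe?g|png|gif)$">
    Require all granted
</FilesMatch>
# (On Apache 2.2 the same allowlist is written with Order/Deny/Allow
#  in place of Require.)

# Layer 2: stop script execution even for a file that passes layer 1.
# With AddHandler/AddType mappings, mod_mime looks at every extension, so
# "shell.php.jpg" ends in .jpg yet can still be handed to PHP.
RemoveHandler .php .phtml .php5 .phar
RemoveType    .php .phtml .php5 .phar

# mod_php only: switch the interpreter off for this directory.
# Wrapped in IfModule so the file does not cause a 500 under PHP-FPM/CGI.
<IfModule mod_php7.c>
    php_flag engine off
</IfModule>
<IfModule mod_php.c>
    php_flag engine off
</IfModule>

# No CGI execution and no directory listings here.
Options -ExecCGI -Indexes
```

To check it, request a known image (expect 200), then a harmless test file named test.php and one named test.php.jpg containing `<?php echo 1;` in that directory: the first should return 403 and the second should come back as raw bytes, not as the output `1`.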

Can you still see jpg files? It looks as though it is blocking those and not php.

Yes I can still see the images.

Cheers,

Jon

Well the simple solution is to only put images in that directory to begin with…
Less work for the web server that way.

I’ll be sure to let any hackers know…

Uhhh…if hackers managed to compromise the system that would be the least of your concerns. Now if the directory is a place for uploads then you should be securing the code that handles the upload.

That’s of course the main defence, but someone I know got hacked recently with disastrous results so I’m looking for ways of making things even more secure, so the same thing doesn’t happen to me. Adding a .htaccess file to a directory only takes a few seconds, so I’d say that it’s worthwhile for an extra security measure.

Cheers,

Jon

I don’t know how you have your site set up but if you took the initiative to tie it all to a single frontend file (index.php) then you could tie executing PHP to the one single file. In other words a file with a .php extension would not be executed, only index.php.

Now that would be the way to handle this.