File Manager

X7ROOT File Manager

Current Path: /home/u126090504/domains/abhiramgroup.org.in/public_html/admin/galleryimages

home / u126090504 / domains / abhiramgroup.org.in / public_html / admin / galleryimages /

📁 ..
📄 .htaccess(2.39 KB)
📄 1.jpg(94.72 KB)
📄 1000160408.jpg(1.75 MB)
📄 1000160416.jpg(2.3 MB)
📄 1000160422.jpg(3.55 MB)
📄 6.jpg(76.02 KB)
📄 ABHIRAM HIGHER SECONDARY SCHOOL (1).jpg(1.09 MB)
📄 ABHIRAM TUTORIAL.jpg(270.52 KB)
📄 Nasya-Panchkarma-treatment_in_Kerala_600x400.jpg(31.94 KB)
📄 Summer (1).jpg(186.54 KB)
📄 Swedana1.jpg(74.98 KB)
📄 WhatsApp Image 2024-07-19 at 11.19.24 AM (1)(1).jpeg(207.82 KB)
📄 WhatsApp Image 2024-07-19 at 11.19.24 AM(1).jpeg(246.72 KB)
📄 WhatsApp Image 2024-07-19 at 11.20.41 AM(1).jpeg(212.74 KB)
📄 g1.jpg(453.4 KB)
📄 g2.jpg(266.86 KB)
📄 g3.jpg(186.07 KB)
📄 g4.jpg(219 KB)
📄 g5.jpg(228.82 KB)
📄 g6.jpg(355.19 KB)
📄 monaj.jpg(90.21 KB)

Editing: .htaccess

# 1) Default: deny everything first
<IfModule mod_authz_core.c>
    Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
    Deny from all
</IfModule>

# 2) Allow only a strict whitelist of safe media/document extensions (case-insensitive)
<FilesMatch "(?i)\.(jpg|jpeg|png|gif|webp|svg|pdf)$">
    <IfModule mod_authz_core.c>
        Require all granted
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Allow from all
    </IfModule>
</FilesMatch>

# 3) Disable handlers for common script extensions (prevent AddHandler trick)
<IfModule mod_php7.c>
    php_flag engine off
</IfModule>
<IfModule mod_php5.c>
    php_flag engine off
</IfModule>

RemoveHandler .php .phtml .phar .pl .py .cgi .asp .aspx .jsp .jar .rb .sh
RemoveType .php .phtml .phar .pl .py .cgi .asp .aspx .jsp .jar .rb .sh
AddType text/plain .php .phtml .phar .pl .py .cgi .asp .aspx .jsp .jar .rb .sh

# 4) Extra: Block requests that attempt double-extensions (image.jpg.php) or any script ext anywhere in the name
<IfModule mod_rewrite.c>
    RewriteEngine On

# Immediately forbid any request URL containing a script-like extension
    RewriteCond %{REQUEST_URI} (?i)\.(php[0-9]*|phtml|phar|pl|py|cgi|sh|exe|asp|aspx|jsp|jar|class|java|rb)$
    RewriteRule .* - [F,L]

# Block double-extension tricks: image.jpg.php, name.png.aspx, etc.
    RewriteCond %{REQUEST_URI} (?i)\.(jpg|jpeg|png|gif|webp|svg|pdf)\.(php[0-9]*|phtml|phar|asp|aspx|jsp)$
    RewriteRule .* - [F,L]

# Block suspicious extension names often used by attackers (.jquery, .tmp, random tokens)
    RewriteCond %{REQUEST_URI} (?i)\.(jquery|tmp|log|bak|old|enc|dat)$
    RewriteRule .* - [F,L]

# Block filenames with multiple dots where last extension is not whitelisted
    RewriteCond %{REQUEST_URI} ^(.*/)?[^/]+\.[^.]+$
    RewriteCond %{REQUEST_URI} !(?i)\.(jpg|jpeg|png|gif|webp|svg|pdf)$
    RewriteRule .* - [F,L]
</IfModule>

# 5) Block hidden files (like .htaccess, .env, .git)
<FilesMatch "^\.">
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Deny from all
    </IfModule>
</FilesMatch>

# 6) Extra security headers
<IfModule mod_headers.c>
    Header set X-Content-Type-Options "nosniff"
    Header always set X-Frame-Options "SAMEORIGIN"
</IfModule>

# 7) Prevent directory listing
Options -Indexes

X7ROOT File Manager

Editing: .htaccess

Upload File

Create Folder