X7ROOT File Manager
Current Path:
/home/u126090504/domains/apexodisha.in/public_html/admin/imagedata
home
/
u126090504
/
domains
/
apexodisha.in
/
public_html
/
admin
/
imagedata
/
📁
..
📄
.htaccess
(2.39 KB)
Editing: .htaccess
# 1) Default: deny everything first <IfModule mod_authz_core.c> Require all denied </IfModule> <IfModule !mod_authz_core.c> Deny from all </IfModule> # 2) Allow only a strict whitelist of safe media/document extensions (case-insensitive) <FilesMatch "(?i)\.(jpg|jpeg|png|gif|webp|svg|pdf)$"> <IfModule mod_authz_core.c> Require all granted </IfModule> <IfModule !mod_authz_core.c> Order allow,deny Allow from all </IfModule> </FilesMatch> # 3) Disable handlers for common script extensions (prevent AddHandler trick) <IfModule mod_php7.c> php_flag engine off </IfModule> <IfModule mod_php5.c> php_flag engine off </IfModule> RemoveHandler .php .phtml .phar .pl .py .cgi .asp .aspx .jsp .jar .rb .sh RemoveType .php .phtml .phar .pl .py .cgi .asp .aspx .jsp .jar .rb .sh AddType text/plain .php .phtml .phar .pl .py .cgi .asp .aspx .jsp .jar .rb .sh # 4) Extra: Block requests that attempt double-extensions (image.jpg.php) or any script ext anywhere in the name <IfModule mod_rewrite.c> RewriteEngine On # Immediately forbid any request URL containing a script-like extension RewriteCond %{REQUEST_URI} (?i)\.(php[0-9]*|phtml|phar|pl|py|cgi|sh|exe|asp|aspx|jsp|jar|class|java|rb)$ RewriteRule .* - [F,L] # Block double-extension tricks: image.jpg.php, name.png.aspx, etc. RewriteCond %{REQUEST_URI} (?i)\.(jpg|jpeg|png|gif|webp|svg|pdf)\.(php[0-9]*|phtml|phar|asp|aspx|jsp)$ RewriteRule .* - [F,L] # Block suspicious extension names often used by attackers (.jquery, .tmp, random tokens) RewriteCond %{REQUEST_URI} (?i)\.(jquery|tmp|log|bak|old|enc|dat)$ RewriteRule .* - [F,L] # Block filenames with multiple dots where last extension is not whitelisted RewriteCond %{REQUEST_URI} ^(.*/)?[^/]+\.[^.]+$ RewriteCond %{REQUEST_URI} !(?i)\.(jpg|jpeg|png|gif|webp|svg|pdf)$ RewriteRule .* - [F,L] </IfModule> # 5) Block hidden files (like .htaccess, .env, .git) <FilesMatch "^\."> <IfModule mod_authz_core.c> Require all denied </IfModule> <IfModule !mod_authz_core.c> Deny from all </IfModule> </FilesMatch> # 6) Extra security headers <IfModule mod_headers.c> Header set X-Content-Type-Options "nosniff" Header always set X-Frame-Options "SAMEORIGIN" </IfModule> # 7) Prevent directory listing Options -Indexes
Upload File
Create Folder