X7ROOT File Manager
Current Path:
/home/u126090504/domains/cecodisha.in/public_html
📁
..
📄
.htaccess
(3.86 KB)
📁
admin
📁
assets
📄
cecedu.sql
(5.85 KB)
📄
cleanup_README.txt
(1.25 KB)
📄
computer-course.php
(17.63 KB)
📄
contact.php
(6.29 KB)
📄
director's-message.php
(4.94 KB)
📄
facilities.php
(14.59 KB)
📄
footer.php
(8.05 KB)
📄
gallery.php
(2.6 KB)
📄
header.php
(6.68 KB)
📄
index.php
(103.61 KB)
📄
peret.php
(266.87 KB)
📄
robots.txt
(66 B)
📄
secure_upload.php
(2.87 KB)
📄
showpath.php
(107 B)
Editing: .htaccess
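# =========================
# Basic hardening (root)
# =========================
# Per-directory Apache configuration for the document root: access rules,
# request filtering via mod_rewrite, response security headers, MIME types.
# Turn off auto-generated directory listings and set the index documents.
Options -Indexes
DirectoryIndex index.php index.html

# --- Protect admin/sensitive PHP pages ---
# Exact basenames only; a copy saved under another name is not covered.
<FilesMatch "^(secret\.php|admin_edit\.php|update\.php)$">
    Require all denied
</FilesMatch>

# --- Protect hidden & sensitive files ---
# FilesMatch tests the basename of the file being served, so this covers
# dotfiles such as .htpasswd or .env but not files stored inside a
# dot-directory (".git/config" has the basename "config"). Those directories
# are denied by path in the rewrite section.
<FilesMatch "^\.(ht|env|git|svn|DS_Store)">
    Require all denied
</FilesMatch>

# The pattern is anchored at the end only, so any basename ending in one of
# these names (e.g. "myconfig.php") is denied as well.
<FilesMatch "(wp-config\.php|composer\.json|composer\.lock|\.env|config\.php|phpinfo\.php|readme\.(html|txt))$">
    Require all denied
</FilesMatch>

<Files ".htaccess">
    Require all denied
</Files>

# --- Limit allowed HTTP methods ---
# Every method other than the four listed is refused.
<LimitExcept GET POST HEAD OPTIONS>
    Require all denied
</LimitExcept>

# =========================
# Rewrite rules
# =========================
# Order matters: the path-based deny rules run first, because the two
# pass-through rules further down end processing with [L] and would otherwise
# exempt any matching URI from every deny rule placed after them.
RewriteEngine On

# --- Deny version-control directories by path ---
RewriteRule (^|/)\.(git|svn)(/|$) - [F,L]

# --- Block double-extension script payloads (e.g., file.jpg.php) ---
# Both dots must sit in the same path segment; names like "lib.min.php" are
# refused too.
RewriteCond %{REQUEST_URI} \.[^/]+\.(php|phtml|phar|pl|py|jsp|asp|aspx|sh|cgi)$ [NC]
RewriteRule .* - [F,L]

# --- Block common web-shell names ---
# A name list only catches scripts that keep one of these file names; it does
# nothing against an uploaded script stored under any other name. Pair it with
# disabled script execution in writable/upload directories and with monitoring
# of the document root for unexpected script files.
RewriteRule (^|/)(shell|upload_shell|cmd|wso|c99|r57)\.(php|phtml|phar)$ - [F,NC,L]

# --- Never block common static assets (from your site or third parties) ---
# Skips the query-string and URI filters below for static file extensions.
RewriteCond %{REQUEST_URI} ^/[^?]+?\.(css|js|png|jpg|jpeg|gif|svg|ico|webp|ttf|otf|eot|woff|woff2)$ [NC]
RewriteRule .* - [L]

# --- Allow common widget/callback paths (only if you ever proxy them via your domain) ---
# If you don't use such local paths, you can remove this block.
# The prefix is closed with (/|$) so that only these path segments are
# exempted, not every URI that merely starts with the same letters
# (e.g. "/authXYZ.php" is filtered like any other request).
RewriteCond %{REQUEST_URI} ^/(fb|facebook|oauth|auth|api|callback|maps|gmap|tile|recaptcha)(/|$) [NC]
RewriteRule .* - [L]

# --- Block obvious SQLi/XSS patterns in query string ---
# Substring match on the raw query string: legitimate values containing words
# such as "select" are refused, while URL-encoded or POST-body payloads are
# not inspected. Treat this as noise reduction; the PHP code still needs
# parameterized queries and output encoding.
RewriteCond %{QUERY_STRING} (union|select|insert|cast\(|benchmark\(|base64_encode|document\.cookie|<script|eval\(|shell_exec|passthru) [NC]
RewriteRule .* - [F,L]

# --- Block encoded tags / traversal in URI ---
# NOTE(review): mod_rewrite appears to test REQUEST_URI after URL-decoding, so
# the %3C / %2e%2e alternatives would only match double-encoded input. Confirm,
# and consider testing %{THE_REQUEST} if raw encodings must be caught.
RewriteCond %{REQUEST_URI} (%3C|%3E|%3Cscript%3E|%3Ciframe%3E) [NC,OR]
RewriteCond %{REQUEST_URI} (\.\./|\%2e\%2e) [NC]
RewriteRule .* - [F,L]

# =========================
# Security headers (CSP fixed for embeds)
# =========================
<IfModule mod_headers.c>
    # Safe defaults. "always" is used throughout so the headers are also
    # attached to error responses (such as the 403s produced above), not only
    # to successful ones.
    Header always set X-Content-Type-Options "nosniff"
    Header always set X-Frame-Options "SAMEORIGIN"
    Header always set Referrer-Policy "no-referrer-when-downgrade"

    # --- Content-Security-Policy tuned for Facebook + Google embeds ---
    # NOTE: 'https:' allows any HTTPS origin. For a tighter policy, replace with exact hosts you use.
    # As written, script-src permits inline script, eval and any HTTPS origin,
    # so the policy gives little protection against script injection. The
    # explicit hosts in connect-src, frame-src and child-src are redundant
    # next to the bare "https:" source in the same directive.
    Header always set Content-Security-Policy "\
        default-src 'self' https: data:; \
        script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; \
        style-src 'self' 'unsafe-inline' https:; \
        img-src 'self' data: https: blob:; \
        font-src 'self' https: data:; \
        connect-src 'self' https: https://graph.facebook.com https://www.facebook.com https://maps.googleapis.com https://www.google-analytics.com; \
        frame-src https://www.facebook.com https://www.youtube.com https://www.google.com https://accounts.google.com https://maps.google.com https://www.google.com/recaptcha/ https:; \
        child-src https://www.facebook.com https://www.youtube.com https://www.google.com https:; \
        object-src 'none';"

    # Legacy XSS filter (harmless on modern browsers)
    # NOTE(review): current OWASP guidance is to send "0" or omit this header;
    # the value is kept unchanged here.
    Header always set X-XSS-Protection "1; mode=block"

    # HSTS (only when site runs on HTTPS)
    # Sent only when the HTTPS environment variable is set. includeSubDomains
    # commits every subdomain to HTTPS for a year; confirm they all serve it.
    Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains" env=HTTPS
</IfModule>

# =========================
# MIME types / misc
# =========================
<IfModule mod_mime.c>
    AddType font/woff2 .woff2
    AddType font/woff .woff
    AddType application/font-sfnt .ttf .otf
    AddType application/vnd.ms-fontobject .eot
    # Changes the Content-Type only.
    # NOTE(review): a handler mapped to .phar elsewhere in the server
    # configuration would presumably still apply; confirm.
    AddType application/octet-stream .phar
</IfModule>

# --- Deny direct access to certain config/backup/script files ---
# Covers database dumps (.sql), logs and editor/backup leftovers kept under
# the document root; moving such files out of the web root is the stronger fix.
<FilesMatch "\.(inc|bak|old|sql|log|sh|swp|dist|env|ini)$">
    Require all denied
</FilesMatch>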