X7ROOT File Manager
Current Path:
/home/u126090504/domains/ocaacademy.online/public_html/admin/galleryimages
home
/
u126090504
/
domains
/
ocaacademy.online
/
public_html
/
admin
/
galleryimages
/
📁
..
📄
.htaccess
(2.39 KB)
📄
1.jpg
(94.72 KB)
📄
6.jpg
(76.02 KB)
📄
Nasya-Panchkarma-treatment_in_Kerala_600x400.jpg
(31.94 KB)
📄
Student of the year 2015.JPG
(3.56 MB)
📄
Student of the year 2016.JPG
(2.43 MB)
📄
Student of the year 2018.JPG
(10.52 MB)
📄
Swedana1.jpg
(74.98 KB)
📄
about.jpg
(367.3 KB)
📄
monaj.jpg
(90.21 KB)
📄
test.jpg
(4.59 KB)
Editing: .htaccess
# 1) Default: deny everything first <IfModule mod_authz_core.c> Require all denied </IfModule> <IfModule !mod_authz_core.c> Deny from all </IfModule> # 2) Allow only a strict whitelist of safe media/document extensions (case-insensitive) <FilesMatch "(?i)\.(jpg|jpeg|png|gif|webp|svg|pdf)$"> <IfModule mod_authz_core.c> Require all granted </IfModule> <IfModule !mod_authz_core.c> Order allow,deny Allow from all </IfModule> </FilesMatch> # 3) Disable handlers for common script extensions (prevent AddHandler trick) <IfModule mod_php7.c> php_flag engine off </IfModule> <IfModule mod_php5.c> php_flag engine off </IfModule> RemoveHandler .php .phtml .phar .pl .py .cgi .asp .aspx .jsp .jar .rb .sh RemoveType .php .phtml .phar .pl .py .cgi .asp .aspx .jsp .jar .rb .sh AddType text/plain .php .phtml .phar .pl .py .cgi .asp .aspx .jsp .jar .rb .sh # 4) Extra: Block requests that attempt double-extensions (image.jpg.php) or any script ext anywhere in the name <IfModule mod_rewrite.c> RewriteEngine On # Immediately forbid any request URL containing a script-like extension RewriteCond %{REQUEST_URI} (?i)\.(php[0-9]*|phtml|phar|pl|py|cgi|sh|exe|asp|aspx|jsp|jar|class|java|rb)$ RewriteRule .* - [F,L] # Block double-extension tricks: image.jpg.php, name.png.aspx, etc. RewriteCond %{REQUEST_URI} (?i)\.(jpg|jpeg|png|gif|webp|svg|pdf)\.(php[0-9]*|phtml|phar|asp|aspx|jsp)$ RewriteRule .* - [F,L] # Block suspicious extension names often used by attackers (.jquery, .tmp, random tokens) RewriteCond %{REQUEST_URI} (?i)\.(jquery|tmp|log|bak|old|enc|dat)$ RewriteRule .* - [F,L] # Block filenames with multiple dots where last extension is not whitelisted RewriteCond %{REQUEST_URI} ^(.*/)?[^/]+\.[^.]+$ RewriteCond %{REQUEST_URI} !(?i)\.(jpg|jpeg|png|gif|webp|svg|pdf)$ RewriteRule .* - [F,L] </IfModule> # 5) Block hidden files (like .htaccess, .env, .git) <FilesMatch "^\."> <IfModule mod_authz_core.c> Require all denied </IfModule> <IfModule !mod_authz_core.c> Deny from all </IfModule> </FilesMatch> # 6) Extra security headers <IfModule mod_headers.c> Header set X-Content-Type-Options "nosniff" Header always set X-Frame-Options "SAMEORIGIN" </IfModule> # 7) Prevent directory listing Options -Indexes
Upload File
Create Folder
