Deny access multiple .php files with .htaccess? [duplicate]

Question

I want to deny access to multiple PHP files in directory /all/cstl/.

My .htaccess is also stored in this directory.

This is my current code and it's not working.

<Files "\ (config.php|function.php|include.php)">
  Order allow,deny
  Deny from all
</Files>

I have tried to deny the directory and allow specific files but it denies the directory and does not allow the requested .php files. My code for this is:

<Directory />
    Order deny,allow
    Deny from all
<Directory>

<Files "index.php|post.php">
    Order deny,allow
    Deny from all
</Files>

Please give me some example of blocking access to multiple specific files within a directory.

Answer 1

There are several problems with the .htaccess you have there.

As BSen linked in the comment above, you should use FilesMatch. Also, your regular expression is wrong.

The problem with the regular expression is that you have an escaped space at the start, so all files must start with a space character (followed by one of config.php, function.php etc)

Also a small explaination of the Order allow,deny directive: http://www.maxi-pedia.com/Order+allow+deny

Try this:

<FilesMatch "config\.php|function\.php|include\.php">
  Order allow,deny
  Deny from all
</FilesMatch>

If you'd like to deny all but a few files, this would read as

Order deny,allow
Deny from all
<FilesMatch "index\.php|index\.html">
  Allow from all
</FilesMatch>