in aim to secure my site i wanted to disallow execution of all .php file except index.php
so i added this to .htaccess
but it appears like something stopped working, i could not see template (subsilver) background images, just white background. Logo image and forums icons was visible (i did not tried to clear cache)<FilesMatch "\.(php|php4|php5)$">
Order Allow,Deny
Deny from all
</FilesMatch>
<FilesMatch "index\.php$">
Order Allow,Deny
Allow from all
</FilesMatch>
Please which PHPBB file requires .php execution so i can try to tweak my htaccess rule?
thank you
UPDATE:
this can be partial solution. adding into .htaccess
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /[^\ ]+\.php($|\ )
RewriteCond %{REQUEST_URI} !index.php
RewriteCond %{REQUEST_URI} !feedback.php
RewriteCond %{REQUEST_URI} !faq.php
RewriteCond %{REQUEST_URI} !search.php
RewriteCond %{REQUEST_URI} !memberlist.php
RewriteCond %{REQUEST_URI} !toplist.php
RewriteCond %{REQUEST_URI} !thankslist.php
RewriteCond %{REQUEST_URI} !ucp.php
RewriteCond %{REQUEST_URI} !mchat.php
RewriteCond %{REQUEST_URI} !rss.php
RewriteCond %{REQUEST_URI} !sitemap.php
RewriteRule \.php$ / [F,L]
it will not allow executing any url which ends with .php. tested