Troubles with apache - 403 while trying to protect everything but index.php

Question

What I want:

Protecting all files/folders but the index.php.

Apache:

• Apache/2.4.2 (Win32) OpenSSL/1.0.1c PHP/5.4.4
• Running as Service (xampp 1.8)
• Not modified

My project structure

URL: "http://localhost/MyProject/"
PROJECT_DIRECTORY C:/xampp/htdocs/MyProject/

The project directory looks like:

• config (folder)
• ressources (folder)
• sources (folder)
• index.php

Problem:

I am having troubles with my .htaccess file as I do always receive a 403 or even a 500 Error.

I tried different settings to achieve the goal but none of these worked. I tried Directory, DirectoryMatch, Files, FilesMatch etc.

But I think it should be as easy as:

# Activate rewrite engine
RewriteEngine on
RewriteBase /

# Redirect all requests to index.php
RewriteRule ^(.*)$ index\.php?/$1 [QSA]

# Deny from all
Order deny,allow
Deny from all

# Allow only index.php
<Files "index.php">
Allow from all
</Files>

Or something like this:

...

# Deny from all
<Directory />
Order deny,allow
Deny from all
</Directory>

# Allow only root dir
<Directory "/MyProject" />
Allow from all
</Directory>

May someone can help me with this?

EDIT: I recently found out, that I cannot use the tag as the .htaccess is valid for the directory I put it in, so there is no need to define that directory inside .htaccess. This did not solve my problem but I know that the second example is wrong.

Answer 1

You can try this:

RewriteEngine On
RewriteCond %{REQUEST_URI} !^/(index\.php)$
RewriteRule ^ - [L,F]

This will let requests for / and /index.php pass through while responding with a 403 Forbidden for anything else.

However, you've got this rule already:

# Redirect all requests to index.php
RewriteRule ^(.*)$ index\.php?/$1 [QSA]

So you don't really need to deny anything if everything is already being routed through index.php