Reputation: 443
.htaccess: Internal rewrite to subfolder, deny access via subfolder
On my page, I installed the silverstripe framework in a subfolder current. I have two .htaccessfiles to remove the "current" Directory from the URL. One at root:
root htaccess:
AddOutputFilterByType deflate text/html text/plain text/css text/javascript application/javascript application/x-javascript application/rss+xml
# Deployment scripts
RewriteCond %{REQUEST_FILENAME} /deploy/
RewriteRule ^(.*)$ $1 [L]
### SILVERSTRIPE START ###
# See: http://www.silverstripe.org/installing-silverstripe/show/12328#post283997
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /current/
RewriteRule ^(.*)$ /current/$1
</IfModule>
### SILVERSTRIPE END ###
AddHandler application/x-httpd-php54 .php
and one at the current folder:
### SILVERSTRIPE START ###
<Files *.ss>
Order deny,allow
Deny from all
Allow from 127.0.0.1
</Files>
<Files web.config>
Order deny,allow
Deny from all
</Files>
ErrorDocument 404 /assets/error-404.html
ErrorDocument 500 /assets/error-500.html
<IfModule mod_alias.c>
RedirectMatch 403 /silverstripe-cache(/|$)
</IfModule>
<IfModule mod_rewrite.c>
SetEnv HTTP_MOD_REWRITE On
RewriteEngine On
RewriteBase '/'
RewriteCond %{REQUEST_URI} ^(.*)$
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule .* framework/main.php?url=%1&%{QUERY_STRING} [L]
</IfModule>
### SILVERSTRIPE END ###
The problem with this setup is, that the site is available as domain.com and domain.com/current
How can i forbid/deny the access via the current Directory?
The best solution would be a external redirect to the same page but without the current in the URL. How can I create a redirection to the site without the current directory in the URL?
So all URL get rewriten (external) like this:
- domain.com/current --> domain.com
- domain.com/current/example --> domain.com/example
- domain.com/current/what/ever/ --> domain.com/what/ever
So far i have found this answer: Url rewrite subfolder to root and forbid accessing subfolder. The solution seems not to be working in my case. If I access the page with this solution, I get a 403 error and an aditional error 500 because the error document could not be found.
Upvotes: 2
Views: 1836
Answers (2)
Reputation: 785266
How can i forbid/deny the access via the current Directory?
Insert this rule as your very first rule in /current/.htaccess:
# if direct request is made for /current/abc then external redirect to /abc
RewriteCond %{THE_REQUEST} \s/current/(\S*) [NC]
RewriteRule ^ /%1 [L,R=301,NE]
THE_REQUESTvariable represents original request received by Apache from your browser and it doesn't get overwritten after execution of some rewrite rules.- This rule will prohibit your users to send any direct request for
/current/URI.
Upvotes: 3
Related Questions
- deny direct access to a folder and file by htaccess
- .htaccess to rewrite rules and block file access for specific folder
- Deny access to some subdirectories via .htaccess
- RewriteRule allow access to only certain subfolders in a folder
- Don't rewrite particular subfolder
- How to allow access to a sub-folder and its contents, but not its parent folder and contents?
- htaccess to deny access to files except when accessed from a specific subfolder on server
- htaccess deny from all in specific subfolder
- Deny access to subdirectories using htaccess
- Url rewrite subfolder to root and forbid accessing subfolder