user3799263
Reputation: 35
Mod Rewrite Restrict Access
Using Zend Skeleten Application and having following rules in .htaccess.
RewriteEngine On
# The following rule tells Apache that if the requested filename
# exists, simply serve it.
RewriteCond %{REQUEST_FILENAME} -s [OR]
RewriteCond %{REQUEST_FILENAME} -l [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^.*$ - [NC,L]
# The following rewrites all other queries to index.php. The
# condition ensures that if you are using Apache aliases to do
# mass virtual hosting, the base path will be prepended to
# allow proper resolution of the index.php file; it will work
# in non-aliased environments as well, providing a safe, one-size
# fits all solution.
RewriteCond %{REQUEST_URI}::$1 ^(/.+)(.+)::\2$
RewriteRule ^(.*) - [E=BASE:%1]
RewriteRule ^(.*)$ %{ENV:BASE}index.php [NC,L]
Tried to restrict accest only to 4 particular urls
/(index page)/login/register/auth(authorrized page)
by adding
RewriteCond %{REQUEST_URI} !register$
RewriteCond %{REQUEST_URI} !login$
RewriteCond %{REQUEST_URI} !index$
RewriteCond %{REQUEST_URI} !auth$
RewriteRule ^(.+)$ /chat/ [NC]
But that doesn't seem to work.
- Full path to index file
localhost/testorlocalhost/test/index - Full path to login file
localhost/test/login - Full path to register file
localhost/test/register - Full path to authfile
localhost/test/auth
Issue Problem
localhost/test/ is same as localhost/test/index and localhost/test/index/index save for localhost/test/login the same as localhost/test/login/index. Tried to implement this in .htaccess. But it doesn't seem to work [OR] condition.
RewriteCond %{REQUEST_URI} !^/test/(register|login|index|auth)$ [OR]
RewriteCond %{REQUEST_URI} !^/test/(register|login|index|auth)/(index)$ [OR] **edited**
RewriteCond %{REQUEST_URI} !^/test/$
RewriteRule ^ - [F]
Resolved Issue
RewriteCond %{REQUEST_URI} !^/test/(\/|register|register/index|login|login/index|index|index/index|auth|auth/index|)$
RewriteRule ^ - [F]
Upvotes: 0
Views: 142
Answers (1)
Rahil Wazir
Reputation: 10142
You can have this rule:
RewriteCond %{REQUEST_URI} !(register|login|index|auth)$
RewriteRule ^ - [F]
Upvotes: 1
Related Questions
- deny direct access to a folder and file by htaccess
- How do I use mod rewrite to deny access to specific URL generated by PHP?
- .htaccess only allow access to index.php and a directory
- htaccess deny access to all php files except specific one
- Restrict access to wordpress site using htaccess
- htaccess restrict post access to specific url
- Apache redirect and prevent access
- Allow only access to a specific mod_rewrite generated URL, deny all other http requests
- Deny direct access to php files
- Using .htaccess to restrict access to files