gabtzi
Reputation: 603
.htaccess from root directory prevents access to subdirectory php files
I have a Magento installation in a root directory and a few standalone scripts in a subdirectory like this
app
index.php
...
.htaccess
scripts/
├── csv-generator
├── index.html
├── index.php
├── label-print
└── stock-manage
My problem is that whenver I try to access php or html files in /scripts directory the .htaccess from root directory seems to kick in and launches my magento application instead of the subdirectory scripts
docroot .htaccess
############################################
## GoDaddy specific options
# Options -MultiViews
## you might also need to add this line to php.ini
## cgi.fix_pathinfo = 1
## if it still doesn't work, rename php.ini to php7.ini
############################################
## default index file
DirectoryIndex index.php
############################################
## php7 settings
<IfModule mod_php7.c>
############################################
## adjust max execution time
php_value max_execution_time 18000
############################################
## disable automatic session start
## before autoload was initialized
php_flag session.auto_start off
############################################
## enable resulting html compression
#php_flag zlib.output_compression on
###########################################
# disable user agent verification to not break multiple image upload
php_flag suhosin.session.cryptua off
</IfModule>
<IfModule mod_security.c>
###########################################
# disable POST processing to not break multiple image upload
SecFilterEngine Off
SecFilterScanPOST Off
</IfModule>
<IfModule mod_deflate.c>
############################################
## enable apache served files compression
## http://developer.yahoo.com/performance/rules.html#gzip
# Insert filter on all content
###SetOutputFilter DEFLATE
# Insert filter on selected content types only
#AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript
# Netscape 4.x has some problems...
#BrowserMatch ^Mozilla/4 gzip-only-text/html
# Netscape 4.06-4.08 have some more problems
#BrowserMatch ^Mozilla/4\.0[678] no-gzip
# MSIE masquerades as Netscape, but it is fine
#BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
# Don't compress images
#SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary
# Make sure proxies don't deliver the wrong content
#Header append Vary User-Agent env=!dont-vary
</IfModule>
<IfModule mod_ssl.c>
############################################
## make HTTPS env vars available for CGI mode
SSLOptions StdEnvVars
</IfModule>
<IfModule mod_rewrite.c>
############################################
## enable rewrites
Options +FollowSymLinks
RewriteEngine on
############################################
## you can put here your magento root folder
## path relative to web root
#RewriteBase /magento/
############################################
## uncomment next line to enable light API calls processing
# RewriteRule ^api/([a-z][0-9a-z_]+)/?$ api.php?type=$1 [QSA,L]
############################################
## rewrite API2 calls to api.php (by now it is REST only)
RewriteRule ^api/rest api.php?type=rest [QSA,L]
############################################
## workaround for HTTP authorization
## in CGI environment
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
############################################
## TRACE and TRACK HTTP methods disabled to prevent XSS attacks
RewriteCond %{REQUEST_METHOD} ^TRAC[EK]
RewriteRule .* - [L,R=405]
<IfModule mod_setenvif.c>
############################################
## Enable Developer Mode based on OS environment variable
SetEnvIfExpr "osenv('MAGE_IS_DEVELOPER_MODE') == '1'" MAGE_IS_DEVELOPER_MODE=1
<IfModule mod_headers.c>
############################################
# X-Content-Type-Options: nosniff disable content-type sniffing on some browsers.
Header set X-Content-Type-Options: nosniff
############################################
# This header forces to enables the Cross-site scripting (XSS) filter in browsers (if disabled)
BrowserMatch \bMSIE\s8 ie8
Header set X-XSS-Protection: "1; mode=block" env=!ie8
</IfModule>
</IfModule>
############################################
## redirect for mobile user agents
#RewriteCond %{REQUEST_URI} !^/mobiledirectoryhere/.*$
#RewriteCond %{HTTP_USER_AGENT} "android|blackberry|ipad|iphone|ipod|iemobile|opera mobile|palmos|webos|googlebot-mobile" [NC]
#RewriteRule ^(.*)$ /mobiledirectoryhere/ [L,R=302]
############################################
## always send 404 on missing files in these folders
RewriteCond %{REQUEST_URI} !^/(media|skin|js)/
############################################
## never rewrite for existing files, directories and links
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-l
############################################
## rewrite everything else to index.php
RewriteRule .* index.php [L]
</IfModule>
############################################
## Prevent character encoding issues from server overrides
## If you still have problems, use the second line instead
AddDefaultCharset Off
#AddDefaultCharset UTF-8
<IfModule mod_expires.c>
############################################
## Add default Expires header
## http://developer.yahoo.com/performance/rules.html#expires
ExpiresActive On
ExpiresByType image/jpg "access plus 1 year"
ExpiresByType image/jpeg "access plus 1 year"
ExpiresByType image/gif "access plus 1 year"
ExpiresByType image/png "access plus 1 year"
ExpiresByType text/css "access plus 1 month"
ExpiresByType application/pdf "access plus 1 month"
ExpiresByType text/x-javascript "access plus 1 month"
ExpiresByType application/x-shockwave-flash "access plus 1 month"
ExpiresByType image/x-icon "access plus 1 year"
ExpiresDefault "access plus 2 days"
</IfModule>
############################################
## By default allow all access
Order allow,deny
Allow from all
###########################################
## Deny access to release notes to prevent disclosure of the installed Magento version
<Files RELEASE_NOTES.txt>
order allow,deny
deny from all
</Files>
############################################
## If running in cluster environment, uncomment this
## http://developer.yahoo.com/performance/rules.html#etags
#FileETag none
###########################################
## Deny access to cron.php
<Files cron.php>
############################################
## uncomment next lines to enable cron access with base HTTP authorization
## http://httpd.apache.org/docs/2.2/howto/auth.html
##
## Warning: .htpasswd file should be placed somewhere not accessible from the web.
## This is so that folks cannot download the password file.
## For example, if your documents are served out of /usr/local/apache/htdocs
## you might want to put the password file(s) in /usr/local/apache/.
#AuthName "Cron auth"
#AuthUserFile ../.htpasswd
#AuthType basic
#Require valid-user
############################################
Order allow,deny
Deny from all
</Files>
# php -- BEGIN cPanel-generated handler, do not edit
# Set the “ea-php74” package as the default “PHP” programming language.
<IfModule mime_module>
AddHandler application/x-httpd-ea-php74___lsphp .php .php7 .phtml
</IfModule>
# php -- END cPanel-generated handler, do not edit
Subdirectory .htaccess
Authtype Basic
AuthName "Restricted area"
AuthUserFile "/home/passwd"
Require valid-user
It seems the directive
RewriteRule .* index.php [L]
Is kicking in for all requests, and I'm trying to find a way to ignore the scripts directory so that it works normally. Any help is appreciated.
Upvotes: 1
Views: 748
Answers (1)
MrWhite
Reputation: 45829
@CBroe: Put a
RewriteRule ^scripts/ - [END]somewhere before that index.php rewrite.@OP: I put it directly above the
RewriteRule .* index.php [L]
############################################ ## always send 404 on missing files in these folders RewriteCond %{REQUEST_URI} !^/(media|skin|js)/ ############################################ ## never rewrite for existing files, directories and links RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteCond %{REQUEST_FILENAME} !-l ############################################ ## rewrite everything else to index.php RewriteRule .* index.php [L]
This is one rule (it's just "confusingly" split up). You should not add another RewriteRule directive immediatley before the above RewriteRule directive as that will likely break your site. When it is stated to put something "before the index.php rewrite" it means before the entire rule, ie. before the first RewriteCond directive that applies to that rule.
However, in the above, you could just add scripts to the first RewriteCond directive.
For example:
RewriteCond %{REQUEST_URI} !^/(media|skin|js|scripts)/
This condition prevents the rule from being processed when any one of these root directories is requested.
However, ordinarily, the rule will naturally exclude requests for physical files and directories (that's what the 3 conditions in the middle are doing). However, for some reason this would not seem to be happening.
Upvotes: 1
Related Questions
- Access denied to root folder and files but allow subfolders and files via .htaccess
- .htaccess not allowing sub-directory to work
- .htaccess rewrite in subdirectory not working under root directory with .htaccess
- Rewrite request in root directory is blocking access to subdirectories
- .htaccess in Subfolder not working
- .htaccess in subdirectory always refers to root
- .htaccess preventing subdirectory access
- Unable to access sub directories / folders with Magento installed at root?
- .htaccess being ignored in sub-directory
- .htaccess in subdirectory