2

I have a .htaccess file with the following contents:

<IfModule mod_rewrite.c>  
    RewriteEngine on
    SetEnv HTTP_MOD_REWRITE on
    RewriteBase /wsproject/

    Options All -Indexes
    DirectoryIndex index.php

    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-l
    RewriteRule ^(.+)$ index.php?url=$1 [QSA,L]
</IfModule>

I want to hide everything from the users: the directory structure and private files, while enable public files: *.js, *.html, *.css, *.swf, *.jpg and other stuff. I want .php files to be accessible only from the file system, except only the index.php in the root dir.

I only want to serve request via HTTP which are written with an (abstract) MVC URL pattern like: www.domain.com/lang/controller_name/action_name/arg1/arg2/././argn, which are being rewritten by .htaccess, and public *.html, *.js ...etc files.

While Options All -Indexes hides file listing, it will not prevent an undesirable request e.g.: www.domain.com/library/Bootstrap.php from being served. Whereas deleting/commenting out RewriteCond %{REQUEST_FILENAME} !-f would solve this, but in this case none of my public .html, .css, .js ...etc files would be served.

I tried to apply Deny from all for each php files except the index.php but I always get an 500-internal server error message. Im doing this on localhost, on windows.

Any ideas?

Improve this question

2 Answers 2

Reset to default
3

Instead of stating that all but existing files should be directed to index.php, you can say that everything except *.js, *.html, *.css, *.swf, *.jpg should be directed to index.php.

This isn't exactly the same as denying, since you don't give a Forbidden response. Though in this case you don't give out any information about which files exist or not, so I'd argue that it's a better solution.

<IfModule mod_rewrite.c>  
    RewriteEngine on
    SetEnv HTTP_MOD_REWRITE on
    RewriteBase /wsproject/

    Options All -Indexes
    DirectoryIndex index.php

    RewriteRule \.(js|html|css|swf|jpg)(\?|$) - [QSA,L]
    RewriteRule ^index.php(\?|$) - [QSA,L]
    RewriteRule ^(.+)$ index.php?url=$1 [QSA,L]
</IfModule>

Note that rewriting to -, means no rewriting is done at all.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

This worked well for me when the above solutions did not - slight modifications for those that try it: Remove RewriteBase if you don't need it Add some additional RewriteRule exceptions for Folders / Files if necessary, like so: RewriteRule ^administrator - [QSA,L] RewriteRule \.(js|html|css|swf|jpg|ico|eot|woff|ttf|svg)(\?|$) - [QSA,L]
1

Rather than (or maybe as well as...) editing your .htaccess file, I'd suggest using the chmod command to modify the read/write/executability values of your files.

A relatively succinct and sensible explanation of what chmod is/does can be found in the accepted answer here, but generally the simplest way is to chmod 644 your files and chmod 755 your folders.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.