Mod_rewrite - Deny access to certain folders

Server Config
1

Im wondering if its possible to deny access to certain folders using mod_rewrite?

I know of the option: #Options -Indexes - However ppl can still access my files if they know of the name.

I have a site built up using an MVC and my structure looks like this.

Root
Root/Models <- deny
Root/Views <- deny
Root/Controllers <-deny
Root/Media <-deny
Root/Css <- allow

Im at my start in learning the mod_write, wich seems like good stuff to me.

My current .htaccess looks like this.

RewriteEngine on
RewriteRule ^/?([a-z0-9_]+)/?([a-z0-9_]+)?/?([a-z0-9_]+)?$ index.php?page=$1&action=$2&id=$3 [L]
2

You can protect your directories using Password protect directory from your control panel.

3

I know of several ways of how to achieve this, best one probably is denying in a .htaccess file in that directory.

However im keen on learning mod rewriting hence i want to understand how to do it this way.

I have the following code not working, why is it not working?

RewriteCond {REQUESTED_FILE} !^images.*
RewriteRule ^/?(.*)/+$ http://&#37;{HTTP_HOST}/crille/kaksidesign/ [L,NC]

Should not

RewriteCond {REQUESTED_FILE} !^images.*

Exclude that match from my rewrite?

I have got this following code to do what i want.

RewriteRule ^/?(models|views|controllers|includes)/+$ http://%{HTTP_HOST}/crille/kaksidesign/ [L,NC]
4

t3ch,

twhd is correct - that’s the typical approach.

However, yes, you can do this with pure mod_rewrite, too, e.g.:

RewriteRule ^Models/ - [F]

will send a FAIL code rather than ANY content from the Models subdirectory. Given that, the ONLY way for you to use any Models file is to include() it (or similar) via PHP code from a script in an open directory. I don’t know what you have in ANY of your subdirectories but Media may cause a problem if it contains your website’s images. Same with any of the other subdirectories.

Learn more about mod_rewrite by having a look at the tutorial Article linked in my signature (from years of answering the same questions in this forum).

Regards,

DK

5

Thanx for your reply.

After reading your guide, wich was good reading, im still having some issues grasping this.

RewriteCond %{REQUESTED_FILE} !^/?media/?$
RewriteRule ^/?([a-zA-Z]+)/?$ http://127.0.0.1/crille/test/ [NC,L]

Should that not redirect any requested dir BUT /media/ - ?

6

t3ch,

RewriteCond %{REQUESTED_FILE} !^/?media/?$
RewriteRule ^/?([a-zA-Z]+)/?$ http://127.0.0.1/crille/test/ [NC,L]

Naw, that’s wrong from several viewpoints:

[COLOR="Blue"]RewriteEngine on[/COLOR]
# RewriteCond %{REQUESTED_FILE} !^/?media/?$
# I don't know what {REQUESTED_FILE} is!
RewriteCond %{REQUEST_URI} !^/?media/?$
# Apache 1.x AND Apache 2.x
# NOT media as the start of something or a directory???
RewriteRule ^/?([a-zA-Z]+)/?$ http://127.0.0.1/crille/test/ [NC,L]
# the optional trailing slash can cause problems with relative links
# in the served script - remove it if it's there!
# WHY use localhost in the redirection?
# The No Case flag is only useful in matching
# case INsensitive strings, i.e, {HTTP_HOST}

Yes, that should redirect http://localhost/{NOT media)/ to http://127.0.0.1/crille/test/. I trust that you have a DirectoryIndex there, though.

If it’s not, have you confirmed that mod_rewrite is enabled and running (test.html => test.php)?

Regards,

DK

7

Thank you so much!

I think i have now understood how rewrite works.
Very much apreciated!

8

:Partier:

Regards,

DK