SitePoint Sponsor

User Tag List

Results 1 to 8 of 8
  1. #1
    SitePoint Member
    Join Date
    Jan 2007
    Posts
    13
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Mod_rewrite - Deny access to certain folders

    Im wondering if its possible to deny access to certain folders using mod_rewrite?

    I know of the option: #Options -Indexes - However ppl can still access my files if they know of the name.

    I have a site built up using an MVC and my structure looks like this.

    Code:
    Root
    Root/Models <- deny
    Root/Views <- deny
    Root/Controllers <-deny
    Root/Media <-deny
    Root/Css <- allow
    Im at my start in learning the mod_write, wich seems like good stuff to me.

    My current .htaccess looks like this.

    PHP Code:
    RewriteEngine on
    RewriteRule 
    ^/?([a-z0-9_]+)/?([a-z0-9_]+)?/?([a-z0-9_]+)?$ index.php?page=$1&action=$2&id=$[L

  2. #2
    Non-Member thewebhostingdir's Avatar
    Join Date
    Oct 2005
    Posts
    703
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    You can protect your directories using Password protect directory from your control panel.

  3. #3
    SitePoint Member
    Join Date
    Jan 2007
    Posts
    13
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I know of several ways of how to achieve this, best one probably is denying in a .htaccess file in that directory.

    However im keen on learning mod rewriting hence i want to understand how to do it this way.

    I have the following code not working, why is it not working?

    Code:
    RewriteCond {REQUESTED_FILE} !^images.*
    RewriteRule ^/?(.*)/+$ http://&#37;{HTTP_HOST}/crille/kaksidesign/ [L,NC]
    Should not
    Code:
    RewriteCond {REQUESTED_FILE} !^images.*
    Exclude that match from my rewrite?

    I have got this following code to do what i want.

    Code:
    RewriteRule ^/?(models|views|controllers|includes)/+$ http://%{HTTP_HOST}/crille/kaksidesign/ [L,NC]

  4. #4
    Certified Ethical Hacker silver trophybronze trophy dklynn's Avatar
    Join Date
    Feb 2002
    Location
    Auckland
    Posts
    14,645
    Mentioned
    19 Post(s)
    Tagged
    3 Thread(s)
    t3ch,

    twhd is correct - that's the typical approach.

    However, yes, you can do this with pure mod_rewrite, too, e.g.:
    Code:
    RewriteRule ^Models/ - [F]
    will send a FAIL code rather than ANY content from the Models subdirectory. Given that, the ONLY way for you to use any Models file is to include() it (or similar) via PHP code from a script in an open directory. I don't know what you have in ANY of your subdirectories but Media may cause a problem if it contains your website's images. Same with any of the other subdirectories.

    Learn more about mod_rewrite by having a look at the tutorial Article linked in my signature (from years of answering the same questions in this forum).

    Regards,

    DK
    David K. Lynn - Data Koncepts is a long-time WebHostingBuzz (US/UK)
    Client and (unpaid) WHB Ambassador
    mod_rewrite Tutorial Article (setup, config, test & write
    mod_rewrite regex w/sample code) and Code Generator

  5. #5
    SitePoint Member
    Join Date
    Jan 2007
    Posts
    13
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Thanx for your reply.

    After reading your guide, wich was good reading, im still having some issues grasping this.

    Code:
    RewriteCond %{REQUESTED_FILE} !^/?media/?$
    RewriteRule ^/?([a-zA-Z]+)/?$ http://127.0.0.1/crille/test/ [NC,L]
    Should that not redirect any requested dir BUT /media/ - ?

  6. #6
    Certified Ethical Hacker silver trophybronze trophy dklynn's Avatar
    Join Date
    Feb 2002
    Location
    Auckland
    Posts
    14,645
    Mentioned
    19 Post(s)
    Tagged
    3 Thread(s)
    t3ch,

    Code:
    RewriteCond %{REQUESTED_FILE} !^/?media/?$
    RewriteRule ^/?([a-zA-Z]+)/?$ http://127.0.0.1/crille/test/ [NC,L]
    Naw, that's wrong from several viewpoints:
    Code:
    RewriteEngine on
    # RewriteCond %{REQUESTED_FILE} !^/?media/?$
    # I don't know what {REQUESTED_FILE} is!
    RewriteCond %{REQUEST_URI} !^/?media/?$
    # Apache 1.x AND Apache 2.x
    # NOT media as the start of something or a directory???
    RewriteRule ^/?([a-zA-Z]+)/?$ http://127.0.0.1/crille/test/ [NC,L]
    # the optional trailing slash can cause problems with relative links
    # in the served script - remove it if it's there!
    # WHY use localhost in the redirection?
    # The No Case flag is only useful in matching
    # case INsensitive strings, i.e, {HTTP_HOST}
    Yes, that should redirect http://localhost/{NOT media)/ to http://127.0.0.1/crille/test/. I trust that you have a DirectoryIndex there, though.

    If it's not, have you confirmed that mod_rewrite is enabled and running (test.html => test.php)?

    Regards,

    DK
    David K. Lynn - Data Koncepts is a long-time WebHostingBuzz (US/UK)
    Client and (unpaid) WHB Ambassador
    mod_rewrite Tutorial Article (setup, config, test & write
    mod_rewrite regex w/sample code) and Code Generator

  7. #7
    SitePoint Member
    Join Date
    Jan 2007
    Posts
    13
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Thank you so much!

    I think i have now understood how rewrite works.
    Very much apreciated!

  8. #8
    Certified Ethical Hacker silver trophybronze trophy dklynn's Avatar
    Join Date
    Feb 2002
    Location
    Auckland
    Posts
    14,645
    Mentioned
    19 Post(s)
    Tagged
    3 Thread(s)


    Regards,

    DK
    David K. Lynn - Data Koncepts is a long-time WebHostingBuzz (US/UK)
    Client and (unpaid) WHB Ambassador
    mod_rewrite Tutorial Article (setup, config, test & write
    mod_rewrite regex w/sample code) and Code Generator


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •