Folder content request redirect to root or specified URL

Running WordPress web sites, some stand –alone others multi-site.

Goal: Any request for files in a folder directly by their URL be redirected to root or specified URL. If requests for those same files come from a link or a call via WordPress within the domain allow it.

Since WordPress uses rewrite rules in root, I am concerned that using rewrite rules in htaccess files in subfolders may cause issues with WordPress. Hence, my thought to redirect back to root thinking that the rewrite rules there will over ride previous rules from a subfolder. However, this may not be an issue since my goal is for requests that do not go through root, that is, through WordPress be redirected.

And, I’m really weak on htaccess use. I assume that an htaccess file in root can set up rules between the server and the visitor, and these are the rules to abide by while communicating with the server until another set of rules come into play via another htaccess file with new instructions or conditions. Then these new rules remain intact until changed once again. Is this assumption correct? Or does a new htaccess add to, rather than replace the previous set of rules?


Welcome to SitePoint!

The rule for .htaccess files is that they are accessed and parsed in order of the path of the request, i.e., the DocumentRoot’s .htaccess is acted upon first, then the next directory’s .htaccess until the file is served.

What you described told me a few things:

  1. WP will pass any request to an existing file or directory without redirecting to its index.php (request handler).

  2. There is something wrong with your subdirectory’s .htaccess if it’s looping back to the DocumentRoot. It does not replace the DocumentRoot’s .htaccess but only adds to it … within its directory!

More information gets a better answer (i.e., what’s wrong with the subdirectory’s .htaccess logic).



Well, there is no htaccess in the folders of concern - yet. WP will deliver up page content when called by itself, such as images, PDF, Doc, etc. And, the same content can be accessed and called by a direct link without having to even visit root, and it is this I want to prevent, but also if such a direct request is made, redirect to root which will cause the WP home page to come up. (or perhaps instead of root, the WP log in page).

My inquiry is figure out “how to” create a htaccess file with the proper content to accomplish this before going on a long trial and error process. And I am concerned that having such a htaccess file in a sub-folder causing a redirect to root that it would conflict with the root’s htaccess file. Root htaccess file has rewrite rules and conditions, and I assume that to accomplish what I looking for would also require the sub-folder haccess file to contain rewrite rules and conditions.

I suppose I could just cause any request to the sub-folder to be disallowed via a htaccess file, but it is the redirect I’m looking for.

It actually goes in the opposite direction.


In the directory /www/htdocs/example1 we have a .htaccess file containing the following:

Options +ExecCGI

In the directory /www/htdocs/example1/example2 we have a .htaccess file containing:

Options Includes

Because of this second .htaccess file, in the directory /www/htdocs/example1/example2, CGI execution is not permitted, as only Options Includes is in effect, which completely overrides any earlier setting that may have been in place.

Indeed, it will cause an issue. For any request to that subfolder, none the rewrite rules from the root will run.

The simplest solution is to keep all your rewrites in the same root htaccess file.

# Any request for files in a folder be redirected to root or specified URL
RewriteRule ^your/special/folder/ /specified/url [R,L]

This is what I was concerned with, and your answer makes sense.

The simplest solution is to keep all your rewrites in the same root htaccess file.

# Any request for files in a folder be redirected to root or specified URL
RewriteRule ^your/special/folder/ /specified/url [R,L]

OK. But wouldn’t this prevent WP from accessing ^your/special/folder/ as well?

Here is the content of htaccess in root:

# BEGIN s2Member GZIP exclusions
<IfModule mod_rewrite.c>
	RewriteEngine On
	RewriteBase /
	RewriteCond %{QUERY_STRING} (^|\\?|&)s2member_file_download\\=.+ [OR]
	RewriteCond %{QUERY_STRING} (^|\\?|&)no-gzip\\=1
	RewriteRule .* - [E=no-gzip:1]
# END s2Member GZIP exclusions

# BEGIN WordPress
RewriteEngine On
RewriteBase /
RewriteRule ^index\\.php$ - [L]

# add a trailing slash to /wp-admin
RewriteRule ^wp-admin$ wp-admin/ [R=301,L]

RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^ - [L]
RewriteRule ^(wp-(content|admin|includes).*) $1 [L]
RewriteRule ^(.*\\.php)$ $1 [L]
RewriteRule . index.php [L]

# END WordPress

And this is the folder I want to be inaccessible except by WP itself:


Ahh, yes. I forgot about the second half of your goal, that the request should be allowed if the user came from a link on your site. For that, we’ll check the referrer.

# If this request did not come from your site
RewriteCond %{HTTP_REFERER} !^[^:]+://
# Then redirect any request for files in a folder be redirected to root or specified URL
RewriteRule ^your/special/folder/ /specified/url [R,L]

FYI, though, that the referrer can be spoofed.