Forum Moderators: phranque
If I have this:
RewriteEngine on
RewriteBase /subdir
RewriteRule ^.* ../index.php [R=301,L]
Does that make files in /subdir 'as secure as' files above the document root? For example, for scripts that I only use as includes in other scripts and db user/password?
Completely different question, how does [OR] in RewriteCond parse out - is:
RewriteCond a$
RewriteCond b$ [OR]
RewriteCond c$ [OR]
RewriteRule ^d$ - [L]
The same as:
a AND (b OR c) AND d
or is it
((a AND b) OR c) AND d
I tried a test to see and it appears to me that it's the second, but I'm not sure my test was effective.
RewriteCond a$
RewriteCond b$ [OR]
RewriteCond c$ [OR]
RewriteRule ^d$ - [L]
If written as
RewriteCond a
RewriteCond b [OR]
RewriteCond c [OR]
RewriteCond d
RewriteRule e - [L]
(e AND a AND (b OR c OR d)
That is to say that the [OR] is a local function operating between one RewriteCond and the subsequent RewriteCond. Note that the RewriteConds are not evaluated unless the RewriteRule pattern matches. Both of these facts are described in the documentation.
Occasionally, the fixed precedence and scope of the implicit [AND] and the explicit [OR] will get in your way. Two techniques that can help are to use negative logic, skipping a subsequent rule if your conditions ARE NOT met, and using a kludged-up "local AND" like this:
# If Googlebot from valid IP address range
RewriteCond %{REMOTE_ADDR}<>%{HTTP_USER_AGENT} ^66\.249(\.[0-9]{1,3}){2}<>Mozilla/5\.0\ \(compatible;\ Googlebot
Jim
