.htaccess to allow single ip only to subfolder

can get this working but also blocks further sub folders

         

martynrlee

5:05 pm on Jan 7, 2009 (gmt 0)

10+ Year Member



Hi Guys,

I am using the following to allow a single ip to a sub-folder on my domain:

RewriteEngine on
RewriteCond %{REMOTE_ADDR} !^217\.000\.118\.80$
RewriteRule ^test - [F]

so this is for mydomain/test

however I want to grant access to everyone for further subdomains of 'test' for example:

mydomain/test/allow/alsoallow/

whereas at the moment the subfolders of the folder I am granting access to are blocked to outside the selected ip address.

Can anyone offer any advice? Mart.

[edited by: jdMorgan at 4:53 pm (utc) on Jan. 8, 2009]
[edit reason] Obscured IP [/edit]

Samizdata

5:17 pm on Jan 7, 2009 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Untested, but I would try a second condition such as:

RewriteCond %{REQUEST_URI} !^/test/(.*)/

Others may improve on it, but a wildcard seems to be what you need.

Welcome to WebmasterWorld.

...

jdMorgan

5:22 pm on Jan 7, 2009 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



You just need a more-specific, end-anchored pattern:

RewriteEngine on
#
RewriteCond %{REMOTE_ADDR} !^217\.000\.118\.80$
RewriteRule ^test/[^/]*$ - [F]

The pattern will now match only if there is not another slash after "/test/".

You should take access controls and cache controls into account when laying out your directory structure -- among other things...

Jim

[edited by: jdMorgan at 4:53 pm (utc) on Jan. 8, 2009]

martynrlee

12:57 pm on Jan 8, 2009 (gmt 0)

10+ Year Member



Thanks very much for the help and the warm welcome to the forum.

Jim, I was able to implement the method you suggested however I have another question...

The script you provided means that I can block out the following directory:

domain/test/

on the condition that if a sub-folder contains a '/' slash after the folder title e.g.

domain/test/subfolder1/

My question is: Is it possible to amend the script so that if the slash was missed off the end of the subfolder you would still be able to access the subfolder? e.g.

domain/test/subfolder

Hope this all makes sense?

Is this a standard method of providing internal access to a folder within a domain?

Previously to provide access to a subfolder on a domain I have used a secure login & password but this means that each subfolder would also require the login.

I have a feeling that perhaps I am confused about how to structure the security within a domain and its subfolders?

All help is most appreciated with this... even if it is just pointing me in the right direction :-)

jdMorgan

4:06 pm on Jan 8, 2009 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



"My question is: Is it possible to amend the script so that if the slash was missed off the end of the subfolder you would still be able to access the subfolder? e.g. domain/test/subfolder"

No, not easily, unless there is a page named "subfolder" in the Web root directory on the server. Understand that /subfolder/ refers to a directory, but /subfolder refers to a page.

If you omit the trailing slash from a URL, and if the slash-less URL does not resolve to an existing page but does resolve to an existing directory when a slash is added, then the server will try to "help" by invoking mod_dir to append the missing slash and generate an external redirect, telling the client to re-request what it asked for initially, but using a new URL having a trailing slash. You could disable mod_dir, but I don't recommend it.

Also, you don't want the same content to be available at /subfolder and at /subfolder/, since this is creating a duplicate-content problem and can affect search ranking.

Jim

martynrlee

4:24 pm on Jan 8, 2009 (gmt 0)

10+ Year Member



Thanks Jim, that makes sense.

Is there any way that the 'allow from [ip address]' parameter could be used, perhaps if the .htaccess was positioned in the root of the 1st subfolder? Or another technique (other than the suggested technique)? And then obviously still allow the successive subfolders to be viewed by anyone?

I am out of my comfort zone here as I'm sure you can tell however I am under pressure to find a solution... so again, I'm very grateful for all your help!

jdMorgan

4:53 pm on Jan 8, 2009 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I'm not sure I understand your question -- admittedly, the terminology required to discuss this subject is tough...

Maybe try this:


RewriteEngine on
#
# If our IP address, internally rewrite requests for /test to /test/
RewriteCond %{REMOTE_ADDR} ^217\.000\.118\.80$
RewriteRule ^test$ /test/ [L]
#
# If not our IP address, forbid access to /test/ (and to /test after mod_dir action)
RewriteCond %{REMOTE_ADDR} !^217\.000\.118\.80$
RewriteRule ^test/[^/]*$ - [F]

It essentially prevents mod_dir being invoked and therefore by-passes the rule for "/test" requests from your IP address.

Note that I've obscured the actual IP address.

Jim

Caterham

6:26 pm on Jan 8, 2009 (gmt 0)

10+ Year Member



Keep in mind that, by default but configurable [httpd.apache.org] since Apache 2.0.30, it's up to the content handler whether to accept path_info or not. If a request /test/script/path/info resolves to /physical/path/to/test/script and the handler for script accepts path_info, one could bypass the rule, because you're matching against script/path/info in your rule-pattern.

"Is there any way that the 'allow from [ip address]' parameter could be used"

Override the setting in each subfolder or get access to your server configuration file (mostly httpd.conf) and use <DirectoryMatch>.

martynrlee

10:20 am on Jan 9, 2009 (gmt 0)

10+ Year Member



Thanks again for your help guys, I have been looking into this issue again this morning and found another method of trying to achieve my goal. Hopefully this will explain exactly what I am looking to achieve.

example domain structure: domain/test/subfolder/

I have placed the following script inside the .htaccess folder within the folder [test] :

AuthName "test"
AuthType Basic
<Limit GET POST>
order deny,allow
deny from all
allow from 217.33.118.80
</Limit>

This allows our internal ip address and denies all others.

I have then placed the following script inside the .htaccess folder within the folder [subfolder] :

AuthName "subfolder"
AuthType Basic
<Limit GET POST>
order deny,allow
allow from all
</Limit>

If I add a .htaccess file to each [subfolder], this then allows full access to all for each of the sub folders of [test].

So this achieves the functionality I am looking for; however, it requires that I add a .htaccess file to each sub-folder.

Are there issues with using this method that I am not aware of? Is there a method I could use that would achieve the same functionality but with a single .htaccess file? Or by using an alternate method entirely?
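
A single-file variant of the setup in the last post, added here as an example and not posted by anyone in this thread. It assumes the Apache 2.2-style access directives used above, mod_setenvif loaded, and AllowOverride permitting Limit and FileInfo; 192.0.2.80 is a placeholder address and `open_subfolder` is a made-up variable name.

```apache
# /test/.htaccess  (one file; no .htaccess needed in the subfolders)

# Weak form, as in the last post but with a placeholder address:
# <Limit GET POST> restricts only those two methods, so a request
# using any other method is not covered by the deny.
#   <Limit GET POST>
#   order deny,allow
#   deny from all
#   allow from 192.0.2.80
#   </Limit>

# Flag requests that go at least one directory level below /test/.
# SetEnvIf tests the URL-path, which always starts with a slash.
SetEnvIf Request_URI "^/test/[^/]+/" open_subfolder

# Refuse trailing path info (/test/script/path/info) so that a file
# directly in /test/ cannot be requested under a URL that looks like
# a subfolder and so picks up the flag above.
AcceptPathInfo Off

# No <Limit> wrapper: the restriction applies to every request method.
Order deny,allow
Deny from all
Allow from 192.0.2.80
Allow from env=open_subfolder

# Apache 2.4 equivalent of the four lines above (mod_authz_core):
#   <RequireAny>
#     Require ip 192.0.2.80
#     Require env open_subfolder
#   </RequireAny>
```

AcceptPathInfo Off is inherited by the subfolders too, so a script below /test/ that relies on trailing path info would need it switched back on where that script lives.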