Forum Moderators: phranque
1) Is it possible to use mod_rewrite within a directory block in a conf file as well as at the same time using .htaccess?
I have a CMS system installed for a client, it comes with a .htaccess file. I can fill it with more rewrite rules, but on update of the CMS, someone will have to remember to carry over the rules I appended to it.
I see no way to include a second .htaccess file into the first, and I would like to manage a second set of rules in a separate file.
I have tried to set up mod_rewrite rules in a Directory block, but it appears the .htaccess takes over, and does not allow it to happen.
2) I have a list of url's that I want to block...
RewriteCond %{REQUEST_URI} /templates/jpath/file\.php [NC,OR]
RewriteCond %{REQUEST_URI} /place/foo/second_file\.php [NC,OR]
# Send all blocked request to homepage with 403 Forbidden error!
RewriteRule ^(.*)$ index.php [F,L]
As soon as I enable these rules, the entire site ends up with the 403. These files live in /.htaccess which is at http://example.com/.htaccess
The last rewrite rule there, is it a terrible idea to send them to a loopback address? If not, can someone show me how to do so?
I have about 6 URL's such as above that I want to block access to. Right now, I have removed the files, and they 404, but I would like to be more aggressive about what happens when those files are even attempted to be hit.
Ideally, I would like to take the hits, log the IP, and add them to a file, which would get applied to a deny list. Any suggestions?
Thanks for any help.
If is improper to try to force a URL with a 403 response. Just let Apache's handler do it. You can define a custom 403 page with the ErrorDocument directive. Read the warning about not using a URL as an ErrorDocument!
There's a good reason to use a custom 403 page: The 403 page will likely be a lot shorter than your index page, so this avoids wasting a lot of bandiwidth on unwelcome requests.
A proper rewriterule syntax example for a 403 invocation would be:
RewriteRule .* - [F]
Note that [F] implies [L].
Make sure that the last RewriteCond in your 'list' does not have an [OR] flag on it, as this would make no sense and is therefore invalid.
Jim
RewriteCond %{REQUEST_URI} ^/dsadsa/ewqewq/dsa/fsadas\.php$ [OR]
RewriteCond %{REQUEST_URI} ^/etret/wwe/gfdg/fsadas\.php$
RewriteRule ^ - [F]
Jim
I suspect the ^ means starts with, the the $ is a wildcard type of thing?
Is it really needed to escape the dot? Apache docs show examples in which they do not, I would like to know the pro's and con's of that, as well as what should be escaped.
Am I correct in my analysis that a <Directory ... > that calls to mod_rewrite can not point to the same directory in which an .htaccess file is?
Jim
