prevent access to files

Forum Moderators: phranque

Message Too Old, No Replies

prevent access to files

rewritecond rewriterule mod_rewrite

ucbones

5:03 pm on Aug 12, 2004 (gmt 0)

Hi,

I store all my client's websites in a folder called clients.

A few nifty rewriterules are employed to enable the client to access their sites at [example.com...] instead of having to use [example.com...]

I want to deny access to the second address, so anyone trying to get to [example.com...] gets redirected to another page, without blocking access to the first.

I tried:

RewriteCond %{REQUEST_URI} ^http://.*example.com/clients/.*
RewriteRule ^.*$ splash.php

to no avail,

Any ideas?
Many thanks,

ubcones

[edited by: rogerd at 8:18 pm (utc) on Aug. 12, 2004]
[edit reason] No specifics/URLs, please... [/edit]

jdMorgan

9:53 pm on Aug 12, 2004 (gmt 0)

You'll need to use HTTP_HOST to test the requested domain.


RewriteCond %{HTTP_HOST} example\.com
RewriteRule ^/clients/ /splash.php [L]

A few caveats:
First, the code above is intended for httpd.conf. For use in .htaccess, remove the leading slash from the RewriteRule pattern.
Second, if you already have rules in place to rewrite *to* example.com/clients/, the above rule may conflict with it, and you may get access denied or an "infinite" loop of rewriting. If that happens, I don't know of a fix.

Jim

ucbones

10:34 pm on Aug 12, 2004 (gmt 0)

thanks for your help, but think you misunderstood:

I want anyone requesting:
[example.com...]

to be fed:
[example.com...]

but anyone explicitly requesting:
[example.com...]

to be fed:
[example.com...]

Hence I think I need %{REQUEST_URI) not %(HTTP_HOST)

Any ideas?

jdMorgan

1:24 am on Aug 13, 2004 (gmt 0)

Yes, try it...

Jim

ucbones

8:16 am on Aug 13, 2004 (gmt 0)

I did using:

RewriteCond %{REQUEST_URI} ^clients/.*
RewriteRule ^.*$ splash.php

It didn't work- any ideas?

I'm working from a .htaccess file in the public root of my site.

Cheers,

ucbones

jdMorgan

1:17 pm on Aug 13, 2004 (gmt 0)

REQUEST_URI will always start with a slash, therefore, your RewriteCond pattern won't ever match.

Jim

ucbones

1:33 pm on Aug 13, 2004 (gmt 0)

RewriteCond %{REQUEST_URI} ^/clients/.*
RewriteRule ^.*$ splash.php

Seems to be matching whether the address explicity requested is

[example.com...]
or
[example.com...]

Any ideas?
Cheers,

ucbones

p.s. Thanks for the help and patience jdmorgan!

jdMorgan

1:47 pm on Aug 13, 2004 (gmt 0)

> Second, if you already have rules in place to rewrite *to* example.com/clients/, the above rule may conflict with it, and you may get access denied or an "infinite" loop of rewriting. If that happens, I don't know of a fix.

The pattern "/clients/" can't match "/clientnames/", so I suspect the above may be the problem.

Generally, if you do the kind of rewrite you're doing, the client subdirectory - the "ugly" URL always remains accessible in addition to the "nice" URL. That's because you can only use mod_rewrite to "rewrite one way." If you tell the server to rewrite URLa to URLb, then both URLa and URLb will be accessible. If you then try to limit access to URLb, then both will fail. If you redirect URLb back to URLa, then you get a loop.

If you just want to "hide" the client subdirectories from people who've already discovered them, you could simply change the client subdirectory names, rewrite to the new subdirectories instead, and never tell them the new subdirectory URLs. You have to take particular care to make sure that the new subdirectory names are not exposed by an error in your ErrorDocument handling, and that you always use internal rewrites rather than external redirects to access the new subdirectories. In this regard, it's better to get everything tested and working using the old subdirectory names, and then switch them.

There is a solution if you have access to httpd.conf, and that is to set up the client subdirectories as aliases (mod_alias), rather than using rewrites or redirects.

Jim