Forum Moderators: phranque


howto close directory requests?

rewrite closed folders


john1000

10:37 pm on Feb 11, 2006 (gmt 0)

10+ Year Member



Hello,

I hope I can be clear on what I'm trying here.
Now let's say casino bots are abusing my folders like /files/php/whatever.php file.

Thing is.../files/php/ did exist but not anymore..
Now I can use redirect in the htaccess like Redirect permanent /files/php/ [mysite.com...]

Okay, that redirects them to my root, but if they looked for signup.php, so if the request is /files/php/signup.php, it redirects to [mysite.com...] which isn't what I want.

So how do I redirect EVERY php or html request on whatever page after /files/php/ to my root?

I tried:
rewriterule ^files/php -

and

RewriteRule /files/php [mysite.com...] [r=302,nc,l]

It does work but still goes to [mysite.com...]

Anyone?

Little_G

1:40 am on Feb 12, 2006 (gmt 0)

10+ Year Member



Hi,

try this:

RewriteRule ^/files/php(.+)$ / [R=302,NC,L]

Andrew

john1000

1:51 am on Feb 12, 2006 (gmt 0)

10+ Year Member



Hi,

Thank you..
I tried it but it acts the same as the others I tried.

So if someone visits www.site.com/files/php/login.php it goes to www.site.com/login.php
The tricky part is that the URL ends with the requested file like....login.php

That's the problem..
I want it to go to www.site.com

jdMorgan

2:18 am on Feb 12, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



In .htaccess, you'd need:

RewriteRule ^files/php/.+(php¦html)$ / [R=302,NC,L]

Replace the broken pipe "¦" character above with a solid pipe character before use; posting on this forum modifies that character.

For more information, see the documents cited in our forum charter [webmasterworld.com] and the tutorials in the Apache forum section of the WebmasterWorld library [webmasterworld.com].

Jim

Little_G

2:26 am on Feb 12, 2006 (gmt 0)

10+ Year Member



I've been thinking hard about this and can't come up with a definite answer.
I have tested the RewriteRule I posted and it works properly on my computer.
Basically, though I am not accusing you of [mis-stating the facts], as far as I can see it is impossible for the RewriteRule to redirect you to 'www.site.com/login.php' because it doesn't send 'login.php' to the substitute URL, i.e. the slash:
RewriteRule ^/files/php(.+)$ / [R=302,NC,L]

The only thing I can think of is that it is conflicting with another RewriteRule, a script-based redirection (if you tried that at some point) or I'm just wrong!

Andrew

[edited by: jdMorgan at 3:27 am (utc) on Feb. 12, 2006]
[edit reason] Careful with wording, please. [/edit]

jdMorgan

3:26 am on Feb 12, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



It may simply be that the browser cache was not flushed before testing... This is almost a requirement, since otherwise, the browser may serve a previously-cached copy of the page, thus making it appear that the code is not working.

Note that in a per-directory (.htaccess) context, the path to the current directory where the .htaccess code is installed will be stripped. This means that the path to the local directory, including the leading slash, will be removed from the URL-path examined by RewriteRule in .htaccess.

Jim
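
Added example (not part of the original posts): a Python simulation of the prefix stripping described above, showing which of the rules posted so far can match in server context versus a root .htaccess. The function names and sample requests are constructed for illustration, and Python's `re` stands in for Apache's regex engine.

```python
import re

# Patterns as posted in the thread (broken pipe replaced with a solid pipe).
RULES = {
    "leading-slash": r"^/files/php(.+)$",
    "no-leading-slash": r"^files/php/.+(php|html)$",
}

# Constructed sample requests (URL-paths only).
SAMPLE_REQUESTS = [
    "/files/php/login.php",
    "/files/php/SIGNUP.PHP",
    "/files/php/",
    "/login.php",
]


def rule_input(url_path, context, htaccess_dir="/"):
    """Return the string a RewriteRule pattern is tested against."""
    if context == "server":
        # Server/virtual-host config: the full URL-path, leading slash kept.
        return url_path
    # Per-directory (.htaccess): the path to the directory holding the
    # .htaccess file, including the leading slash, is stripped first.
    if not url_path.startswith(htaccess_dir):
        raise ValueError("request is outside the .htaccess directory")
    return url_path[len(htaccess_dir):]


def matches(pattern, url_path, context):
    """True if the rule would fire; [NC] is modelled as IGNORECASE."""
    subject = rule_input(url_path, context)
    return re.search(pattern, subject, re.IGNORECASE) is not None


def report(requests):
    """One row per (request, rule): matches in server config, in .htaccess."""
    return [
        (path, name, matches(pat, path, "server"), matches(pat, path, "htaccess"))
        for path in requests
        for name, pat in RULES.items()
    ]


if __name__ == "__main__":
    for path, name, in_server, in_htaccess in report(SAMPLE_REQUESTS):
        print(f"{path:24} {name:17} server={in_server!s:5} htaccess={in_htaccess}")
```

A pattern that starts with `^/` can only match where the leading slash is still present, so it never fires from a root .htaccess; the pattern without it behaves the opposite way.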

john1000

3:35 am on Feb 12, 2006 (gmt 0)

10+ Year Member



Still not, guys...I really appreciate it.
But reading replies here makes explaining it easier for me, I hope....

The login.php is just an example....

Let's say a casino bot or whatever goes into the directory /files/php/
and looks for the file contact.php or signup.php or register.php or even config.php.....that's just a file it looks for to abuse it.

It's the same as guestbooks, they are also vulnerable, 'cause the file to sign is most likely sign.php and for chat scripts it's likely chat.php

Okay, let's move on.....I had the directory /files/php/
but not anymore.
But if it was a chat directory they were looking for ...then they would use chat.php...understand?

So in order to stop this it means the rewrite has to be a catch-all, same as mail to your website domain.

Meaning that every php or html file requested after /files/php/....from here.... must be blocked and redirected to the main domain again.

And with the latest posted rewrite I get the same results...I pretend to visit www.mysite.com/files/php/webmaster.php (note: I just use webmaster.php as a sample)....

The rewrite works but sends me to www.mysite.com/webmaster.php

Well, I can't be clearer than this...

john1000

3:36 am on Feb 12, 2006 (gmt 0)

10+ Year Member



Also flushed cache etc....nothing changed.

jdMorgan

3:42 am on Feb 12, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Then we'll have to go with "some other code is interfering" then, because the code I posted is dirt-simple and should work as you desire, assuming it's placed in .htaccess in the site's "home page" directory.

You might want to use a server headers checker to 'follow' the path that such a request takes; there may be multiple rewrites or redirects involved, and that's one way to find them.

BTW, since I forgot my manners... Welcome to WebmasterWorld!

Jim

a1call

3:48 am on Feb 12, 2006 (gmt 0)

10+ Year Member



but if it was a chat directory they were looking for ...then they would use chat.php...understand?

No, why would they look for a file when it was a directory?
Do you have some URL rewriting already that rewrites the directories to php files?
If so, the order of your rules can make a difference.

john1000

12:23 pm on Feb 12, 2006 (gmt 0)

10+ Year Member



Hi...

Well, thanks for the replies so far, but you guys know 1000x more about this than I do....lol
You know how those bots work..
Point is ...they are looking for files to abuse, simple as that.
Thing is...with a little luck the file they request really exists..

For example....every php-running website maybe has a page called login.php, or has an includes folder so they try config.php or config-inc.php, whatever..

So let's say I have www.site.com/files/php/
And whatever bot .. requests www.site.com/files/php/signup.php
Why does the redirect or rewrite go to www.site.com/signup.php and not to www.site.com like I want?

Little_G

2:18 pm on Feb 12, 2006 (gmt 0)

10+ Year Member



Ok, this has to work:

RewriteEngine on
RewriteRule ^files/php(.+)$ / [R=302,NC,L]

Add this to the very top of your .htaccess file in the root directory.

When testing in your browser use Ctrl+F5 to refresh without using the cache.

If it doesn't work then something else must be interfering.

Andrew

john1000

2:26 pm on Feb 12, 2006 (gmt 0)

10+ Year Member



Ha...ha..now you did it!
That was it...solved.....
So if I understand correctly, I can use this for other directories as well?

Little_G

2:31 pm on Feb 12, 2006 (gmt 0)

10+ Year Member



I'm glad we could help...
You can change the URL reference to anything you like:
i.e.

RewriteEngine on
RewriteRule ^files/php(.+)$ / [R=302,NC,L]
RewriteRule ^stuff/otherstuff(.+)$ / [R=302,NC,L]

But it must remain in the .htaccess file in the root.

Andrew

john1000

2:41 pm on Feb 12, 2006 (gmt 0)

10+ Year Member



Thanks,

But it was always in the htaccess...
and the way the rule was built/formulated was the correct rule ...
So it was possible..
Thanks for the help everybody.. :)