.htaccess: block a physical directory url but allow the url through a subdomain indirectly

Question

So for security reasons, I want to disallow http://www.domain.com/directory/ but allow that physical directory only through http://subdomain.domain.com/directory/

The simple way would be to just move the directory, but I can't do it because it breaks the application, so how would I do this with .htaccess?

I've temporarily blocked it using:

RedirectMatch 301 ^/directory/$ http://www.domain.com/

But of course that redirects the subdirectory in either case, so what I'd think is I could just put:

RedirectMatch 301 ^http://www.domain.com/directory/$ http://www.domain.com/

or something similar but it doesn't work... suggestions?

Answer 1

You can do it with a RewriteCond:

RewriteEngine on
RewriteCond %{HTTP_HOST} !subdomain.domain.com
RewriteRule ^directory http://www.domain.com [R=301]

Although better yet, I would recommend creating another virtual host with the same document root. So in your main server configuration, you'd have

<VirtualHost *:80>
    # this is the existing virtual host for the www subdomain
    ServerName www.domain.com
    ...
    DocumentRoot /path/to/docroot
    # Add this next section
    <Directory /path/to/docroot/directory>
        Options allow,deny
        Deny from all
    </Directory>
</VirtualHost>
<VirtualHost *:80>
    # this is the existing vhost for the other subdomain
    ServerName subdomain.domain.com
    ...
    DocumentRoot /path/to/docroot
</VirtualHost>

It's more efficient when Apache doesn't have to parse the .htaccess files.