Hi! I'm playing with .htaccess
and I was wondering if with just an .htaccess inside the root directory is possible to block all the request from a browser directed on existing files or directories.
Let's try this example:
RewriteEngine On
RewriteBase /~my_user/my_base/
RewriteRule ^list/$ list.php [L]
RewriteRule ^element_of_list/([a-zA-Z0-9\-]+)/$ element.php?elem_id=$1 [L]
Now, if I write http://127.0.0.1/~my_user/my_base/list/
, this is wroking fine but if I write http://127.0.0.1/~my_user/my_base/list.php
it's still working. I don't want that. I want the user to obtain a 404 error in the last case.
We have /etc/apache2/mods-enabled/userdir.conf
<IfModule mod_userdir.c>
UserDir public_html
UserDir disabled root
<Directory /home/*/public_html>
AllowOverride All
Options Indexes FollowSymLinks
<Limit GET POST OPTIONS>
Order allow,deny
Allow from all
</Limit>
<LimitExcept GET POST OPTIONS>
Order deny,allow
Deny from all
</LimitExcept>
</Directory>
</IfModule>
My first try was to use RewriteCond
:
RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^(.*)$ 404.php [L]
But it's not working. Every request ends up redirected to 404.php
UPDATE
So I've managed to create the filter for directories:
RewriteCond %{REQUEST_FILENAME} -d
RewriteCond %{REQUEST_URI} !^/~my_user/my_base/$ [NC]
RewriteRule ^(.*)$ 404.php [L]
What it does is to check if the requested path (REQUEST_FILENAME
) exists and it's a directory AND if it's not my RewriteBase which is basically index.php, then redirect to 404.php
I'm still trying to find something that does the same thing for files. I know I can selectively do that using extensions filename but I want an universal filter for files.