I'm working on an MVC project and I have the following .htaccess file:
Options -Indexes
Options -MultiViews
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php?path=$1 [L]
RewriteRule !^(public/|index\.php) [NC,F]
It works OK. I only want the public/ folder and the index.php file to be accessible to the public. All other paths should be inserted into the path GET parameter. For example, mysite.com/controller/method should point to mysite.com/index.php?path=controller/method.
Now, there is a problem. When visiting the URL directly (without including index.php, it is adding [NC,F] to the GET path parameter. It's like visiting mysite.com is pointing to mysite.com/index.php?path=[NC,F].
Why is this happening and how do I fix it?
EDIT
I moved index.php into the public/ folder. Here is my .htaccess file now:
Options -Indexes
Options -MultiViews
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ public/index.php?path=$1 [L]
RewriteRule ^(/)?$ public/index.php [L]
RewriteRule !^(public/) [NC,F]
It seems to work OK. Are there any other improvements I could make on this?
You don't have a redirect location on the last rule, so it's taking the flags as the redirect location. Just a dash will be fine since it's a forbidden response. Change the last line to:
RewriteRule !^(public/|index\.php$) - [NC,F]
Also adding the dollar sign after index.php just to be clear.
Edit:
I would suggest updating your new rule set to the following (actually I suggest a complete re-think below, but this is an update on what you have):
RewriteEngine On
RewriteRule ^$ public/index.php [L]
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_URI} !^/public/
RewriteRule ^(.*)$ public/index.php?path=$1 [L]
RewriteRule !^(public/) - [NC,F]
The (/)? wasn't needed in your homepage rule, as the opening forward slash is not included in .htaccess matches anyway.
I moved your rule for the homepage to the top or it will never be used due to being matched by the previous rule (so the path param is not there when empty, which is presumably what you intended).
I stopped anything in /public/ from being passed to your index.php script, since the way you had it, anything in public that didn't exist would have been passed to your index script, which does not seem to be what you intend.
I added RewriteCond %{REQUEST_URI} !=/public/index.php so the rule couldn't be executed on itself and create a loop if rule processing is run through more than once, which it can be, but then took it back out because the above match on /public/ covers that anyway.
A Re-Think
All that said, I don't think it really makes sense to check if files don't exist and then just send forbidden responses to the ones that do, yet send everything else to your index script. Why not just send everything to your index script? That seems to be what you want really. I would suggest you simplify to this:
RewriteEngine On
RewriteCond %{REQUEST_URI} !^/public/
RewriteRule ^(.*)$ public/index.php?path=$1 [L]
Dropping the homepage rule since no need to worry about an empty path parameter being passed to your index script. Changing the logic to be "Leave anything in /public/ alone. For anything else, pass it through to the index.php script." so files tests not needed since the script handles it all, and no forbidden response needed because there is nothing left to match, it's all covered by the rules. You can always return forbidden to anything you don't want to process in your script, which you would have needed to do anyway for existing file URLs in your previous setup.
One Last Re-Think
And finally, if I might suggest, it would be cleaner to have your index.php file in the root of the website, so you can make /public/ work with its own index file later if you like, so finally I would move it back to the root and change the rules to this:
RewriteEngine On
RewriteCond %{REQUEST_URI} !^/public/
RewriteCond %{REQUEST_URI} !=/index.php
RewriteRule ^(.*)$ index.php?path=$1 [L]
And if you like all that, an up-vote to go with already accepting the answer would be much appreciated. :)
Adding RewriteRule ^(/)?$ public/index.php [L] seems to have resolved the issue. I'm not sure if this is the best approach, but here is my .htaccess file now:
Options -Indexes
Options -MultiViews
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ public/index.php?path=$1 [L]
RewriteRule ^(/)?$ public/index.php [L]
RewriteRule !^(public/) [NC,F]
I moved index.php into the public folder to make things clearer.
Related
I have a website called mydumbwebsite.com/. In my root folder, I have various folders, one of them being "stuff". This folder is directly accessible with mydumbwebsite.com/stuff/. I want to create an .htaccess file that redirects everything that goes into this subfolder and only this subfolder, so these urls:
mydumbwebsite.com/stuff/test
mydumbwebsite.com/stuff/test/
mydumbwebsite.com/stuff/test.php
mydumbwebsite.com/stuff/test.php?test=yes
mydumbwebsite.com/stuff/test2.php (doesn't exist)
mydumbwebsite.com/stuff/test2.php?test=yes (doesn't exist)
mydumbwebsite.com/stuff/test/moar
mydumbwebsite.com/stuff/test/moar/tests.php
... should all redirect to the index.php file of the folder "stuff", even if the file/folder they point to exists.
Some additional context: despite my made up example, I encountered this problem on localhost. I have many different projects and I don't want the .htaccess of one project interfere with the other projects. I tried this, but it keeps redirecting me to the xampp homepage:
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.+)$ index.php [QSA,L]
I tried changing it to this, but that couldn't cover all instances, such as nr. 2, 3 and 4:
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.+)$ /stuff/index.php [QSA,L]
You need to remove the conditions !-d and !-f, which say "Don't apply the rule on existing files and directories". You also need to remove RewriteBase /.
RewriteEngine On
RewriteRule ^(.+)$ index.php [QSA,L]
The file should be located under /suff/.htaccess.
The following rules do also work for me:
RewriteEngine On
RewriteRule ^ index.php [L]
and
RewriteEngine On
RewriteRule ^ index.php [END]
Regarding your comment:
Usually I would create a public folder and put anything that should be accessed directly (public/css/, public/js, public/img etc.) in it. And whitelist it as following:
RewriteEngine On
RewriteRule ^public/ - [END] # allow direct access on public folder
RewriteRule ^ index.php [END] # anything else will be directed to index.php
You can of course whitelist multiple directories the same way:
RewriteEngine On
RewriteRule ^css/ - [END]
RewriteRule ^img/ - [END]
RewriteRule ^js/ - [END]
RewriteRule ^ index.php [END]
Or something like you suggested in the comment:
RewriteRule ^(scripts|styles|morefoldernames)($|/) - [L]
It is late, so my brain could be muddled about this, but surely you simply want everything in stuff to be redirected to index.php, no if's or buts.
Then the below should work, provided it has "/stuff/" in the URL. I'm guessing that you aren't bothered about query strings etc either, if so, then you'll need to modify the index.php below to index.php?$1 and the flags to [QSA, NC, L].
RewriteEngine On
RewriteRule ^/stuff/?$ /stuff/index.php [NC,L]
Check that your root .htaccess file has the line "RewriteOptions InheritDown" somewhere in it, that way the .htaccess file for each subfolder should be covered.
Try this out.
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^/stuff/(.+)$ /stuff/index.php [L]
I have got a lot of subdomains configured using wildcard e.g.
subdomain1.domain.com
subdomain2.domain.com
subdomain3.domain.com
(...)
subdomain89.domain.com
etc etc.
They are point to /public_html/. Inside the public_html I have created
/public_html/subdomain1
/public_html/subdomain2
/public_html/subdomain3
(..)
/public_html/subdomain89
sub-folders.
I would like to redirect all request from subdomains (any) to index.php files within the respective sub-folders e.g.:
http://subdomain1.domain.com/
http://subdomain1.domain.com/about_us.php
http://subdomain1.domain.com/contact.php
redirects to /public_html/subdomain1/index.php.
http://subdomain2.domain.com/
http://subdomain2.domain.com/about_us.php
http://subdomain2.domain.com/contact.php
redirects to /public_html/subdomain2/index.php etc etc.
This is my .htaccess:
RewriteEngine On
RewriteCond %{HTTP_HOST} ^(www\.)?([a-z0-9-]+)\.domain\.com$ [NC]
RewriteRule !^([a-z0-9-]+)($|/) /%2%{REQUEST_URI}/index.php [PT,L]
When I access subdomain1.domain.com i see the index.php file from /public_html/subdomain1 but when I access subdomain1.domain.com/about_us.php i got 404. Any ideas?
Thanks
I have figured it out. This is the working code:
RewriteEngine On
RewriteCond %{HTTP_HOST} ^(www\.)?([a-z0-9-]+)\.domain\.com$ [NC]
RewriteRule !^([a-z0-9-]+)($|/) /%2%{REQUEST_URI}/ [L]
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule . index.php [L]
:-)
First make sure that your .htaccess file is in your document root (the same place as index.php) or it'll only affect the sub-folder it's in (and any sub-folders within that - recursively).
Next make a slight change to your rule so it looks something like:
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ /index.php?path=$1 [NC,L,QSA]
At the moment you're just matching on . which is one instance of any character, you need at least .* to match any number of instances of any character.
The $_GET['path'] variable will contain the fake directory structure, so /mvc/module/test for instance, which you can then use in index.php to determine the Controller and actions you want to perform.
If you want the whole shebang installed in a sub-directory, such as /mvc/ or /framework/ the least complicated way to do it is to change the rewrite rule slightly to take that into account.
RewriteRule ^(.*)$ /mvc/index.php?path=$1 [NC,L,QSA]
And ensure that your index.php is in that folder whilst the .htaccess file is in the document root.
Alternative to $_GET['path'] (updated Feb '18 and Jan '19)
It's not actually necessary (nor even common now) to set the path as a $_GET variable, many frameworks will rely on $_SERVER['REQUEST_URI'] to retrieve the same information - normally to determine which Controller to use - but the principle is exactly the same.
This does simplify the RewriteRule slightly as you don't need to create the path parameter (which means the OP's original RewriteRule will now work):
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^.*$ /index.php [L,QSA]
However, the rule about installing in a sub-directory still applies, e.g.
RewriteRule ^.*$ /mvc/index.php [L,QSA]
This is my current .htaccess file:
DirectoryIndex requestHandler.php
RewriteEngine on
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ requestHandler.php?/$0 [L,QSA]
I want to redirect alle requests to "requestHandler.php". It works now, but it is also possible to access sites with the direct link, and I don't want that.
For example:
It now works with ".../api/register" , but you can also access it but going to ".../register.php" and that shouldn't be possible. It should only be possible to go to register.php by ".../api/register".
I think I had it working before, but as I continued editing I've seemed to mess it up.
requestHandler.php should be working properly and when I enter ".../register.php" it is not at all redirected to requestHandler, but if I enter ".../registe.php" or ".../register.ph" it is redirected there.
Any solutions?
The rule you posted is only checking if the file/directory exists, and if it doesn't, then redirect to requestHandler.php. So naturally, if an existing file is entered in the URL, it will not redirect.
If you want all ".php" files to get redirected as well, you'll need a more specific Rewrite rules. Something like this maybe:
DirectoryIndex requestHandler.php
RewriteEngine on
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ requestHandler.php?/$0 [L,QSA]
RewriteCond %{REQUEST_FILENAME} \.php$
RewriteRule ^(.*)$ requestHandler.php?/$0 [L,QSA]
You can probably consolidate that into one rule block, but at least this way it's very readable. The second rule block is only checked if the requested file is not a file or a directory.
1) I have a Drupal site located at http://example.com and I have a directory located at http://example.com/foo, but I also have a Drupal page with an alias of http://example.com/foo. How can I get the Drupal page to serve? Currently, I get a 403 forbidden page as a result of the Options -Indexes declaration in Drupal's .htaccess file, but I do not want to remove this as I do not want directories to be browsable.
EDIT: I have solved this with the following rule:
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^(.*)$ http://localhost/s2k/index.php?q=$1 [L,QSA]
2) To make the problem even more difficult, given the same scenario, if I have an index.html file inside the directory http://example.com/foo/index.html I always want this to take priority over Drupal's aliased page (which it does at the moment - currently I have modified the .htaccess file so that any directory with an index.html file displays it - DirectoryIndex index.php index.html).
EDIT:
So now, how can I write a RewriteCond that will look to see whether or not there is an index.html file inside the directory?
I am no RewriteRule Guru and pretty sure there is a nicer way to achieve this, e.g. with conditional RewriteCond.
But simply adding
RewriteCond %{REQUEST_URI} =/foo/
RewriteRule ^(.*)$ index.php?q=$1 [L,QSA]
Above the default rewrite Conds and rules make this rule kick in for /foo/ and not the Drupal-default one. Where a RewriteCond %{REQUEST_FILENAME} !-d will only apply the RewriteRule if something is NOT a dir.
RewriteCond %{REQUEST_FILENAME} -d
RewriteCond %{REQUEST_FILENAME}/index.html !-f
RewriteRule ^(.*)$ http://localhost/s2k/index.php?q=$1 [L,QSA]
RewriteCond %{REQUEST_FILENAME}index.html -f
RewriteRule ^(.*)$ $1index.html [L]
RewriteCond %{REQUEST_FILENAME}/index.html -f
RewriteRule ^(.*)$ $1/index.html [L]
[normal Drupal rewrite rules]
Hey, I've been reading StackOverflow.com for a long time but decided to sign up to ask a question. I'm writing my own lightweight MVC framework that routes page requests in index.php.
Page requests look like /controller/action/arg1/arg2/arg3, and they should be rewritten to index.php?route=[request]. So, a [request] like site.com/user/profile/123 should be rewritten to index.php?route=user/profile/123
However, files aren't meant to rewrite to index.php. Assets such as images and stylesheets are in the /app/webroot/ folder, and don't need PHP to be executed. So, the mod_rewrite engine should rewrite any filerequests to /app/webroot/, and serve the configured 404 ErrorDocument when the file doesn't exist.
Directory structure
./index.php
./app/webroot/scripts/helpers/hamster.js
./app/webroot/images/logo.png
./app/webroot/style/main.css
Since you can tell the difference between a file request (/squirrel.png) and a page request (/user/profile/123) just by the existence of the file extension / dot, I was expecting that this would be really easy. But... I'm having a really hard time with it and I was hoping someone could help me out.
Something I've tried was...
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ app/webroot/$1 [L]
RewriteRule ^(.*)$ index.php?route=$1 [QSA,L]
... but it doesn't really work except for redirecting correctly to existing files. Pagerequests or nonexisting files result in HTTP 500 errors.
Any help is greatly appreciated! =)
See if this works out a little more like you expected:
RewriteEngine On
# These two lines are very specific to your current setup, to prevent
# mod_dir from doing what it does, but in a more controlled way
RewriteCond %{THE_REQUEST} ^[A-Z]+\s/iceberg[^/]
RewriteRule .* http://localhost/iceberg/ [R=301,L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_URI} !^/app/webroot
RewriteCond %{REQUEST_URI} \.[a-z]+$ [NC]
RewriteRule ^.*$ app/webroot/$0 [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_URI} !^/app/webroot
RewriteRule ^.*$ index.php?route=$0 [QSA,L]
Also, to explain, the reason why you are getting the 500 error is likely because of your rule:
RewriteRule ^(.*)$ index.php?route=$1 [QSA,L]
Since it's unconditional, and the regular expression pattern will always match, your rewrite will be performed over and over (the L flag doesn't prevent this, because after you rewrite to index.php, an internal redirection is made inside of Apache, and the process loses its current state).