rewrite private directory

[0x00]

Hey,

 

The rewrite rules I've been using for the last year or so is

 

 

RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ index.php?q=$1 [B,L,QSA]

 

which sends everything through index.php unless it actually exists.

 

I'm now adding a directory to the root which is private, so any request for the directory or anything in it should be rewritten to go to index.php (which will produce a 404).

 

I'm not after a redirect or having another htaccess file with deny, etc.

 

Some things I've tried

 

#RewriteRule ^(priv/|submit\.php) - [F,L,NC]
#RewriteRule ^(priv/)$ - index.php?rxq=$1 [B,L,QSA]
#RewriteCond %{REQUEST_URI} !^/priv
#RewriteCond %{REQUEST_URI} !^/priv/$ [NC]

 

thanks

[Ch0cu3r]

So you do not want people navigating to your private folder? The simplest solution is to move it so it is outside your document root.

[0x00]

Good solution but its part of a single package so the mod_rewrite solution is what I'm after, thanks

[scootstah]

You should configure Apache to restrict access to that directory, using "deny".

order deny,allow

deny from all

You can either put that in an .htaccess file inside the private directory, or make a <Directory></Directory> section in your site config.

[0x00]

I'm after rewriting it so that its consistent across the board.

 

You can often tell if a directory exists and being blocked (using Deny) rather than not there.

 

I'm reworking my CMS so that its as stealthy and generic as possible, and ultimately unidentifiable.

 

 

Thankyou

 

(I've not got back to this yet, but I'm sure I've done this before using rewrite)

[scootstah]

Why does it matter if they "know"? If you rewrite it gives false impressions.

 

But, this is what you want:

RewriteEngine on
RewriteRule ^priv(.*)$ index.php?q=$1
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ index.php?q=$1 [B,L,QSA]

You can change how you want the parameters to appear to index.php.

 

But for the record, can you expand on this?

Good solution but its part of a single package so the mod_rewrite solution is what I'm after, thanks

If you are routing things through index.php, then only needs to be visible to the public. The entirety of your application should live behind the document root. That is standard practice and the correct way to do things these days.

[0x00]

That's brilliant, many thanks, you've saved me a few hours reading up on rewrite syntax

 

When you say behind the document root, you mean outside of the server root, yes?

 

My project is sort of designed for simplicity, as in extract all once (and upload to single location).

 

Basically there are two files (index.php and .htaccess) and three directories. All system files go in one directory structure, all private content goes in another (for easy backup) and then there is a public folder where resources go. (* in reality there are a few things still left in the main directory structure, but they will be moved when enough time.)

 

In reality, all one would need to do is change two defined paths in the config file and the core and private directories could be moved elsewhere...

[scootstah]

My project is sort of designed for simplicity, as in extract all once (and upload to single location).

That's fine, moving the application outside of the document root doesn't change that. You could either set a constant for the base application path and reference it any time you need that path, or if you're using proper OOP structure, you'd just tell your autoloader where to look.

[0x00]

I keep seeing this autoloader being banded about and always put off looking it up, till now...

 

I've sort of done my own version, lol...

 

In certain situations I have wrapper functions which return a new class after including its appropriate file.

 

* other common classes I put together in a single file.