Jump to content

rewrite private directory


Go to solution Solved by scootstah,

Recommended Posts

Hey,

 

The rewrite rules I've been using for the last year or so is

 

 

RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ index.php?q=$1 [B,L,QSA]

 

which sends everything through index.php unless it actually exists.

 

I'm now adding a directory to the root which is private, so any request for the directory or anything in it should be rewritten to go to index.php (which will produce a 404).

 

I'm not after a redirect or having another htaccess file with deny, etc.

 

Some things I've tried

 

#RewriteRule ^(priv/|submit\.php) - [F,L,NC]
#RewriteRule ^(priv/)$ - index.php?rxq=$1 [B,L,QSA]
#RewriteCond %{REQUEST_URI} !^/priv
#RewriteCond %{REQUEST_URI} !^/priv/$ [NC]

 

thanks

Link to comment
https://forums.phpfreaks.com/topic/298810-rewrite-private-directory/
Share on other sites

You should configure Apache to restrict access to that directory, using "deny".

order deny,allow
deny from all
You can either put that in an .htaccess file inside the private directory, or make a <Directory></Directory> section in your site config.

I'm after rewriting it so that its consistent across the board.

 

You can often tell if a directory exists and being blocked (using Deny) rather than not there.

 

I'm reworking my CMS so that its as stealthy and generic as possible, and ultimately unidentifiable.

 

 

Thankyou

 

(I've not got back to this yet, but I'm sure I've done this before using rewrite)

  • Solution

Why does it matter if they "know"? If you rewrite it gives false impressions.

 

But, this is what you want:

RewriteEngine on
RewriteRule ^priv(.*)$ index.php?q=$1
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ index.php?q=$1 [B,L,QSA]
You can change how you want the parameters to appear to index.php.

 

But for the record, can you expand on this?

Good solution but its part of a single package so the mod_rewrite solution is what I'm after, thanks

If you are routing things through index.php, then only needs to be visible to the public. The entirety of your application should live behind the document root. That is standard practice and the correct way to do things these days.

  • Like 1

That's brilliant, many thanks, you've saved me a few hours reading up on rewrite syntax :D

 

When you say behind the document root, you mean outside of the server root, yes?

 

My project is sort of designed for simplicity, as in extract all once (and upload to single location).

 

Basically there are two files (index.php and .htaccess) and three directories. All system files go in one directory structure, all private content goes in another (for easy backup) and then there is a public folder where resources go. (* in reality there are a few things still left in the main directory structure, but they will be moved when enough time.)

 

In reality, all one would need to do is change two defined paths in the config file and the core and private directories could be moved elsewhere...

My project is sort of designed for simplicity, as in extract all once (and upload to single location).

That's fine, moving the application outside of the document root doesn't change that. You could either set a constant for the base application path and reference it any time you need that path, or if you're using proper OOP structure, you'd just tell your autoloader where to look.

I keep seeing this autoloader being banded about and always put off looking it up, till now...

 

I've sort of done my own version, lol...

 

In certain situations I have wrapper functions which return a new class after including its appropriate file.

 

* other common classes I put together in a single file.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.