Here is the scenario:
index.php file in root folderindex.php which are in the includes folder.submit.php) is in the root folder for form submit action.I want to restrict direct user access to the files in includes folder by htaccess. also for submit.php. But include will work for index.php file.
Like, if user types www.domain.com/includes/somepage.php, it will restrict it (may be redirect to a error page).
There are lots of solutions, but basically you need to generate the page only if the session is valid. If not valid, shunt user to a non-access display. If you have this and it seems not to work, perhaps you should post some code.
Your regex is wrong. You cannot have $ following another $ in an input since $ denotes end of text.
This rule should work:
RewriteEngine On
# new rule to handle example.com/blah123/sys
RewriteRule ^(w+)/(w+)/?$ /index.php?id=$1&mode=$2 [L,QSA]
# your existing rule to handle example.com/blah123
RewriteRule ^(w+)/?$ /index.php?id=$1 [L,QSA]
Check my blog post about this: How to hide users files and folders on your website?
There are two solutions for doing that:
1- You can put your “UsersUploads” folder outside the website directory, so if your website exist on “c:websiteexample.com” you can put the “UsersUploads” there “c:UsersUploads”, Like that IIS has no control over this folder and its files, And your website code will still have access to this directory as a normal physical path.
2- Stop IIS from serving this folder:
IIS by default doesn’t server some website folders and files such App_Data, App_Code, bin, App_GlobalResourses, App_LocalResources, Web.config,….
I don't know if RewriteMap work with .htaccess files, but anyway here's my solution for virtual host, which should work flawlessly.
Create a RewriteMap file. See here for more information. This is a very simple text file with: first, the wrong URL without the '/', then one space (at least) and then the right url, like this:
one-piece-episode-528 /watch-anime/o/one-piece/one-piece-episode-528.html
dexter-season-6-episode-1 /watch-interesting-stuff/d/dexter/dexter-season-6-episode-1.html
breaking-bad-full-season-3 /watch-interesting-stuff/b/breaking-bad/breaking-bad-full-season-3.html
and so on.
convert this simple text file into hash map. For example:
httxt2dbm -i mapanime.txt -o mapanime.map
Now declare it in your vhost:
RewriteMap mapanime
dbm:/pathtofile/mapanime.map
So all in all your vhost should look like:
<VirtualHost *>
RewriteEngine On
RewriteMap mapanime
dbm:/pathtofile/mapanime.map
# don't touch the URL, but try to search if it exists in mapanime
RewriteRule /([^/]*)/$ - [QSA,NC,E=VARANIME:${mapanime:$1|notfound}]
# if VARANIME not empty *and*
# VARANIME different from "notfound":
RewriteCond %{ENV:VARANIME} ^(notfound|)$
# then redirect it to the right URL:
# QSA = query string append
# R = redirect, 301 = definitive redirect
# L = last = don't go further
RewriteRule . %{ENV:VARANIME} [QSA,R=301,L]
</VirtualHost>
Hope this helps.
I don't see a simpler solution, but I'm pretty sure this one will work.
If it doesn't work: read my usual "two hints", and add the rewrite log in your question.
Please try to use the RewriteLog directive: it helps you to track down such problems:
# Trace:
# (!) file gets big quickly, remove in prod environments:
RewriteLog "/web/logs/mywebsite.rewrite.log"
RewriteLogLevel 9
RewriteEngine On
My favorite tool to check for regexp:
http://www.quanetic.com/Regex (don't forget to choose ereg(POSIX) instead of preg(PCRE)!)
I would just move the
includesfolder out of the web-root, but if you want to block direct access to the wholeincludesfolder, you can put a.htaccessfile in that folder that contains just:That way you cannot open any file from that folder, but you can include them in php without any problems.