Viewed   644 times

Here is the scenario:

  • There is a index.php file in root folder
  • some files are included in index.php which are in the includes folder.
  • 1 other file (submit.php) is in the root folder for form submit action.

I want to restrict direct user access to the files in includes folder by htaccess. also for submit.php. But include will work for index.php file. Like, if user types, it will restrict it (may be redirect to a error page).



I would just move the includes folder out of the web-root, but if you want to block direct access to the whole includes folder, you can put a .htaccess file in that folder that contains just:

deny from all

That way you cannot open any file from that folder, but you can include them in php without any problems.

Thursday, August 11, 2022

There are lots of solutions, but basically you need to generate the page only if the session is valid. If not valid, shunt user to a non-access display. If you have this and it seems not to work, perhaps you should post some code.

Sunday, November 13, 2022

Your regex is wrong. You cannot have $ following another $ in an input since $ denotes end of text.

This rule should work:

RewriteEngine On

# new rule to handle
RewriteRule ^(w+)/(w+)/?$ /index.php?id=$1&mode=$2 [L,QSA]

# your existing rule to handle
RewriteRule ^(w+)/?$ /index.php?id=$1 [L,QSA]
Thursday, October 20, 2022

Check my blog post about this: How to hide users files and folders on your website?

There are two solutions for doing that:

1- You can put your “UsersUploads” folder outside the website directory, so if your website exist on “” you can put the “UsersUploads” there “c:UsersUploads”, Like that IIS has no control over this folder and its files, And your website code will still have access to this directory as a normal physical path.

2- Stop IIS from serving this folder:

IIS by default doesn’t server some website folders and files such App_Data, App_Code, bin, App_GlobalResourses, App_LocalResources, Web.config,….

Wednesday, October 5, 2022

I don't know if RewriteMap work with .htaccess files, but anyway here's my solution for virtual host, which should work flawlessly.

Create a RewriteMap file. See here for more information. This is a very simple text file with: first, the wrong URL without the '/', then one space (at least) and then the right url, like this:

one-piece-episode-528​ /watch-anime/o/one-piece/​one-piece-episode-528​.html
dexter-season-6-episode-1 /watch-interesting-stuff/d/dexter/dexter-season-6-episode-1.html
breaking-bad-full-season-3 /watch-interesting-stuff/b/breaking-bad/​breaking-bad-full-season-3.html

and so on.

convert this simple text file into hash map. For example:

httxt2dbm -i mapanime.txt -o

Now declare it in your vhost:

RewriteMap mapanime 

So all in all your vhost should look like:

<VirtualHost *>
    RewriteEngine On
    RewriteMap mapanime 
    # don't touch the URL, but try to search if it exists in mapanime
    RewriteRule /([^/]*)/$ - [QSA,NC,E=VARANIME:${mapanime:$1|notfound}]
    # if VARANIME not empty *and*
    #   VARANIME different from "notfound":
    RewriteCond %{ENV:VARANIME} ^(notfound|)$
    # then redirect it to the right URL:
    # QSA = query string append
    # R = redirect, 301 = definitive redirect
    # L = last = don't go further
    RewriteRule . %{ENV:VARANIME} [QSA,R=301,L]

Hope this helps.

I don't see a simpler solution, but I'm pretty sure this one will work.

If it doesn't work: read my usual "two hints", and add the rewrite log in your question.

Two hints:

Please try to use the RewriteLog directive: it helps you to track down such problems:

# Trace:
# (!) file gets big quickly, remove in prod environments:
RewriteLog "/web/logs/mywebsite.rewrite.log"
RewriteLogLevel 9
RewriteEngine On

My favorite tool to check for regexp: (don't forget to choose ereg(POSIX) instead of preg(PCRE)!)

Friday, August 5, 2022
Only authorized users can answer the search term. Please sign in first, or register a free account.
Not the answer you're looking for? Browse other questions tagged :