RewriteRule forbidden for empty Request URI
Question
I am trying to write .htaccess rules to deny access to all .php files in all subfolders but allow access to one single file in one of subdirectories and also using a RewriteRule on that file, it works if Request URI is not empty but when I access / it shows Forbidden
Now I have :
<Files ~ "\.(php)$">
deny from all
</Files>
<Files Test.php>
allow from all
</Files>
Options +FollowSymLinks
Options All -Indexes
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ /Sub/Test.php [QSA]
How to make it to work as expected?
2 answers
solution1
1 ACCPTED 2013-12-16 23:32:24
That's because when you request / , it gets mapped to index.php or whatever your index file is and this condition then fails:
RewriteCond %{REQUEST_FILENAME} !-f
You could add an additional or 'ed condition to also allow the / request through:
RewriteCond %{REQUEST_URI} ^/$ [OR]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ /Sub/Test.php [QSA]
solution2
1 2013-12-17 15:51:17
Actually all this blocking of .php can be easily handled in just 2 rules. Consider this code:
RewriteEngine On
# block any request with `.php
RewriteCond %{THE_REQUEST} \s/.+?\.php[\s?] [NC]
RewriteRule ^ - [F]
# send all non-file, non-dir requests to /Sub/Test.php
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^.+$ /Sub/Test.php [L]
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.