I have following sub folders in web folder.
I want to block access to any html folder inside themes folder and allow access to all the asset folders only.
how can I achieve this with .htaccess or by symfony2 access control?
You can do this with .htaccess by providing users an HTTP 403 - Forbidden error if they try to access them:
RewriteRule ^/themes/shop/(.*)/html(.*) - [L,R=403]
Or, if you prefer a 404 - Not Found:
RewriteRule ^/themes/shop/(.*)/html(.*) - [L,R=404]
Since you mentioned you're using Symfony, you should also take care to place the rule in the right place so that other rewrite rules don't take over:
<IfModule mod_rewrite.c>
RewriteEngine On
#Put them first, otherwise they might get routed elsewhere
RewriteRule ^/themes/shop/(.*)/html(.*) - [L,R=403]
#...
</IfModule>
As per the comments and a gist linked by @basit : you can add additional checks to ensure that any requests made to resources: exist, are actually an asset file, and only contained in the assets folder.
# contents of the gist linked above - in case the link ever breaks
# If the requested filename exists, simply serve it.
# We only want to let Apache serve files and not directories.
RewriteCond %{REQUEST_FILENAME} -f
RewriteCond %{REQUEST_URI} !^/themes/stores/(.*)
RewriteCond %{REQUEST_URI} !^/themes/shop/(.*)
RewriteRule .? - [L]
# allow stores asset folder only
RewriteCond %{REQUEST_FILENAME} \.(gif|jpe?g|png|js|css|svg|svgz|eot|otf|woff|woff2|ttf|swf|php|ico|txt|pdf|xml)$
RewriteCond %{REQUEST_URI} ^/themes/stores/(.*)/asset/.*
RewriteRule .? - [L]
# allow shop asset folder only
RewriteCond %{REQUEST_FILENAME} \.(gif|jpe?g|png|js|css|svg|svgz|eot|otf|woff|woff2|ttf|swf|php|ico|txt|pdf|xml)$
RewriteCond %{REQUEST_URI} ^/themes/shop/(.*)/asset/.*
RewriteRule .? - [L]
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.