Apache .htaccess
The Apache Webserver file .htaccess is a powerful tool for managing the access and navigation to your webserver.
Unfortunately, the working is not very intuitive and not very simple.
Examples
Prevent PHP-Directory Access
The usage of a special PHP-include directory is a common implementation paradigm.
But you don't want anyone to have access to that directory except the program/application.
This snippet prevents the access to the directory file with extension php.
<syntaxhighlight lang="bash" line>
- Enable Mod Rewrite, this is only required once in each .htaccess file
RewriteEngine On RewriteBase /
- Test for access to the include directory
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /phpinclude/.*$ [NC]
- Test that file requested has php extension
RewriteCond %{REQUEST_FILENAME} ^.+\.php$
- Forbid Access
RewriteRule .* - [F,NS,L] </syntaxhighlight>
- Line 01-03: Needs to be set once and enables the RewriteCond and RewriteRule.
- Line 05-06: Tests case insensitive ([NC]=No Case) if the directory is ../phpinclude at the end ($).
- Line 08-09: Tests if the file name has the extension .php at the end ($).
- Line 11-12: Forbids access to the found file.
- F: Returns a 403 FORBIDDEN response to the client browser.
- NS: Causes a rule to be skipped if the current request is an internal sub-request.
- L: Stop the rewriting process immediately and don't apply any more rules.
Source: https://httpd.apache.org/docs/current/mod/mod_rewrite.html [1]
See also
Reference
- ↑ Apache Docs, Description mod_rewrite module: Rewrite(s) condition and rules.