Say that I have the following directory structure:
/
/opt
/opt/lampp
/opt/lampp/htdocs/
/opt/lampp/htdocs/...
/opt/lampp/htdocs/.../project
And then within the project/ directory, I have the following directory structure:
project/
project/.htaccess
project/index.php
project/dashboard.php
project/theme.css
project/...
project/subdir-1
project/subdir-1/...
project/subdir-2
project/subdir-2/...
project/subdir-3
project/subdir-3/...
What do I write in project/.htaccess to allow access to all files in the project/ directory, but deny access to all the sub-directories (i.e. subdir-*) and all the files in each sub-directory?
Here is what I have so far:
.htaccess
# Deny access by default
Order deny,allow
Deny from all
# Allow access to all PHP/CSS files in current directory
<Files ~ "[^/]\{0,}\.(php|css)$">
Allow from all
</Files>
I'm basically trying to allow access to all PHP/CSS files, except for files with a '/' in the file name; however, the result is that I am unable to access anything. What would be the correct way to accomplish this?
Also, is there a cross-platform way to do this (i.e. So that it would work on both UNIX/Linux & Windows servers)?
To deny access to all sub-directories of the /project folder, you can use the following mod-rewrite Rule in project/.htaccess :
RewriteEngine on
#if the request is for existent dirs, forbid the request
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^ - [R=403,L]
This returns a 403 error response if you request a directory that exists.
If you want to do this for both files/directories, you can use the following redirect
RedirectMatch 403 /project/.+/.*$