I have the following folder structure where I have a web app running:
/root/public/index.php
I have a .htaccess in the /root that redirects all requests to /root/public but I am also able to access my content by prepending the /public directory in my request for example at the moment I can do
www.example.com/public/index.phpwww.example.com/index.phpBoth lead to the same resource but I only want people to access the resource by going to and return an error if they try to directly access the /public directory
www.example.com/index.php
My current .htaccesss look like this:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule ^(.*)$ public/ [L]
</IfModule>
What am I missing here to stop the accessibility of my /public folder via URLs?
I have tried applying some rewrite rules used by WordPress` but that didn't work for my use-case by following the guide here: https://wordpress.org/documentation/article/htaccess/
You can do something like this:
RewriteEngine On
# Block direct requests to the "/public" subdirectory
RewriteCond %{ENV:REDIRECT_STATUS} ^$
RewriteRule ^public/ - [F]
# Rewrite all requests to "/public/index.php"
RewriteRule ^ public/index.php [END]
(The <IfModule> wrapper is not required and should be removed.)
The check against the REDIRECT_STATUS environment variable ensures that only direct requests (from the user) are checked and not rewritten requests by the later rewrite.
Note that I changed your existing rule to rewrite the request directly to /public/index.php since that would seem to be the intention. (Rather than relying on the DirectoryIndex.)
Although, I'm wondering how you are managing your static assets (if any)?