.htaccess only allow access to index.php and a directory

Question

I am using

RewriteEngine On
RewriteRule ^.*$ ./index.php

to redirect all my website traffic through index.php and let my php code get the request_uri and route each request accordingly.

I want to restrict access to all other files/directories except one that will contain the js files, css files, images etc.

I found that to do that I can use:

Order deny,allow
Deny from all

<Files index.php>
    Order Allow,Deny
    Allow from all
</Files>

and then have another .htaccess file inside the public directory to allow certain file types.

When I navigate to localhost/mysite/index.php it works fine since the index.php file is accessible.

But for any other url I get a 403, for example /mysite/home/ is forbidden even though I expected it to work normally.

What can I do get the expected behavior?

My full .htacces file is:

RewriteEngine On

RewriteCond %{SCRIPT_FILENAME} !-d
RewriteCond %{SCRIPT_FILENAME} !-f

RewriteRule ^.*$ ./index.php


Order deny,allow
Deny from all

<Files index.php>
    Order Allow,Deny
    Allow from all
</Files>

---

EDIT: The /public/.htaccess currently looks like this:

<Files ~ "\.(xml|css|jpe?g|png|gif|js|pdf)$">
  Allow from all
</Files>

Answer 1

Try this code in /mysite/.htaccess:

DirectoryIndex index.php
RewriteEngine On

RewriteCond %{SCRIPT_FILENAME} !-d
RewriteCond %{SCRIPT_FILENAME} !-f
RewriteRule ^ index.php [L]

RewriteRule !^(public/|index\.php) [NC,F]