Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

mod_rewrite: allow redirect but prevent direct access

Tags:

redirect

apache

mod-rewrite

I am currently using mod_rewrite to do an internal redirection

RewriteCond  %{REQUEST_URI}  ^/pattern$
RewriteRUle .* file.php

However I would like to prevent direct access to file.php by redirecting requests to that file to a page not found URL.

RewriteCond %{REQUEST_URI} /file.php
RewriteRule .* page-not-found.php

The problem is that the second rule also applies when I do the first redirect and therefore breaks my first internal redirect.

[Q] Is there a way to allow the first redirect but prevent direct access to the redirected file?

like image 439
Max Avatar asked Apr 24 '11 08:04

Max

3 Answers

Using ENV:REDIRECT_STATUS variable (see mromaine's contribution to "Hidden features of mod_rewrite" community wiki:

RewriteCond  %{REQUEST_URI}  ^/pattern$
RewriteRule .* file.php

# Redirect direct access to file.php
RewriteCond %{REQUEST_URI} /file.php
RewriteCond %{ENV:REDIRECT_STATUS} ^$
RewriteRule .* page-not-found.php

Test cases:

  • http://example.com request gets server's index file (index.htm, index.php, etc.)
  • http://example.com/somefile.htm request gets somefile.htm
  • http://example.com/somedir request gets somedir's index file
  • http://example.com/pattern request gets file.php file
  • http://example.com/file.php request gets page-not-found.php file

Every HTTP responses are HTTP 200.

like image 172
CDuv Avatar answered Sep 20 '22 03:09

CDuv

Edit: Inspired by @AndrewR's answer (which in its current form however didn't seem to work for me - it looks like the second rule gets applied anyway.) a .htaccess only solution that works with a secret key.

If you encounter a valid pattern, add a secret key to the query string.

Then test for that secret key when deciding upon the page redirect. 

RewriteEngine on
Options +FollowSymlinks

RewriteCond  %{REQUEST_URI}  ^/pattern$
RewriteRule .* /file.php?SUPER_SEKRIT_KEY [QSA]

RewriteCond %{QUERY_STRING} !SUPER_SEKRIT_KEY
RewriteCond %{REQUEST_URI} /file.php
RewriteRule .* /test/page-not-found.php [L,F]

Use a more complex key of course, and for internal redirects only! Otherwise, the user will be able to grab the secret key.

like image 25
Pekka Avatar answered Sep 24 '22 03:09

Pekka

You can add a [L] at the end of the rewrite rule, which signifies Last, or no more processing. This will only work inside the Apache config. It does not work in an .htaccess file.

RewriteEngine On

RewriteCond  %{REQUEST_URI}  pattern$
RewriteRule .* /file.php [L]

RewriteCond %{REQUEST_URI} file.php$
RewriteRule .* /page-not-found.php [L]
like image 44
AndrewR Avatar answered Sep 23 '22 03:09

AndrewR
Sign in to Comment

Related questions

Will Apache Commons work in all servers?
How can I prevent other sites from linking to my javascript files?
Multiple Zend framework sites on one server
How to disable cPanel URLs
Finding where PHP errors are logged on Ubuntu server?
.htaccess allow access to files only from includes
mod rewrite directory if file/folder not found
Cannont access localhost websites after creating virtual host [duplicate]
.htaccess rewrite pretty urls that can still use get variables
JAVA Apache POI Excel: add borders to cell range
Force SSL HTTPS for subdomain with .htaccess
Mamp Pro 4: Apache won't start
Apache, MySQL, and FTP 'Detected With Wrong Path' using XAMPP on Win7
Slow Apache Server on EasyPHP [closed]
Rewriting only when a file doesn't exist
How to install Python Package for global use by all users (incl. www-data)
How do I create a custom directive for Apache Velocity
Processing apache logs quickly
In Django, how do I allow print statements to work with Apache WSGI?
Apache proxypass using a variable URL with interpolate

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!