Apache - combo newbie question on mod rewrite & restrict file access by URL

this is my first attempt at mod rewrite for URL and file access restriction rule. I have done some reading for related post in stack and google but so far unsuccessful in getting a complete answer. So far, all research info in the web seems to be in bits and pieces and always short of some key step.

Newbie like me finds it very hard to connect the dots, so I turned to the guru's at stackoverflow for some help.

I am going to list down all the steps I have taken so far so if someone can please guide me what I did wrong, I am eternally greatful. Maybe my step by step description will be helpful for others looking for the same answer in the future.

Apache Configuration

开发者_运维知识库

1) Uncomment the line LoadModule rewrite_module modules/mod_rewrite.so in the httpd.conf file @conf folder.

2) Checked that mod_rewrite is loaded by displaying the php summary detail with phpinfo() function and searching for the string "mod_rewrite".

What I Want to Achieve

[URL Rewrite]

**from** : www.domain.com/listing.php?
           category=men+casual+pant&title=blue+office+pant&item_ID=123

**to** : www.domain.com/category/men/casual/pant/blue-office-pant_123.html

[Restrict Direct Access for following File]

**restrict file** /htdocs/bg_addEditItem.php from direct URL access typing

What I Have Done so Far but Nothing Works

1) Created a .htaccess file and placed it at /htdocs folder with the following content

Options +FollowSymlinks
RewriteEngine on
RewriteRule ^category/$1/$2/$3/$4-$5-$6_$7 listing.php?&category=([a-z]+)-([a-z]+)-([a-z]+)&title=([a-z]+)+([a-z]+)+([a-z]+)item_ID=([0-9]+)

2) Currently I use a combination of session_id and HTTP-referrer to deny direct access to bg_addEditItem.php file but I think there must be an easier method which is placing all the protected files in a folder and setting a different .htaccess file. Can someone please show how this is done? My method to access this file is from a form's post.

Thank you very much.

RewriteCond %{QUERY_STRING} ^category=(.*)+(.*)+(.*)&title=(.*)+(.*)+(.*)&itemID=(.*)$
RewriteRule ^$ ^category/%1/%2/%3/%4-%5-%6_%7.html [L]

For your second part

RewriteCond %{HTTP_REFERRER} !^http://(www\.)?yourdomain.com/(.*)$
RewriteRule ^/protectedfolder/(.*) - [R=404]  [L]/* Apache will check if url points to your protected folder and if yes , it will check above condition . Above condition will see if the referrer is from you site , if not it will pass and 404 will be returned to user.