开发者

.htaccess. deny root, allow specific subfolder. Possible?

问答 作者:

How can I deny access to http://sub.mydomain.com/, but allow for (completely) http://sub.mydomain.com/test (or http://sub.mydomain.com开发者_C百科/test/)

There is a magento back-end behind http://sub.mydomain.com/test/

.htaccess directives apply to that directory, and all subdirectories thereof, so you should disallow access in your DocumentRoot,

http://sub.mydomain.com/.htaccess:

Order deny,allow
Deny from all

And override that in any specific subdirectories you would like to allow access to,

http://sub.mydomain.com/test/.htaccess:

Order allow,deny
Allow from all

How about a .htaccess at the root directory, with the following lines?

RewriteEngine On
# check if request is for subdomain
RewriteCond %{HTTP_HOST} ^sub.mydomain.com$ [NC]
# check if  'test' isnt part of request
RewriteCond %{REQUEST_URI} !^/test/?(.*)$ [NC]
# if subdomain and no 'test' part, redirect to main domain...
RewriteRule ^(.*)$ http://www.mydomain.com/$1 [R,L]

So if the '/test/' section is present, no redirect takes place...

Try create .htaccess file in sub.mydomain.com for deny, and in sub.mydomain.com/test for allow.

Or you can redirect from http://sub.mydomain.com/ to deny subdir.

I know this is a very old thread, but I've been struceling with exactly this scenario for several days and finally got it to work, thus I thought I'd share my solution for further reference.

As of Apache version 2.4 (I guess), it's possible to use directive <RequireAll> and <RequireAny>. This can be used to allow access to specific subfolders.

My solution for .htaccess (inspired from this site: https://www.the-art-of-web.com/system/apache-authorization/):

SetEnvIf REQUEST_URI "^/test/.*" PUBLICACCESS
# Use for multiple subfolders:
# SetEnvIf REQUEST_URI "^/(?:test|test2|test3|test4)/.*" PUBLICACCESS
<RequireAny>
    <RequireAll>
        # Public access
        Require env PUBLICACCESS
        Require all granted
    </RequireAll>
    <RequireAll>
        # Require user and password
        AuthType Basic
        AuthName "Secured"
        AuthUserFile /var/www/example.com/.htpasswd
        Require valid-user
    </RequireAll>
</RequireAny>

I'm using a cpanel powered server which will add .htaccess entries like the following:

#----------------------------------------------------------------cp:ppd
# Section managed by cPanel: Password Protected Directories     -cp:ppd
# - Do not edit this section of the htaccess file!              -cp:ppd
#----------------------------------------------------------------cp:ppd
AuthType Basic
AuthName "Protected"
AuthUserFile "/home/****/.htpasswds/sites/****/passwd"
Require valid-user
#----------------------------------------------------------------cp:ppd
# End section managed by cPanel: Password Protected Directories -cp:ppd
#----------------------------------------------------------------cp:ppd

I wanted to allow access to a specific subfolder, and the solution was creating an .htaccess file within that subfolder and placing the following inside:

Satisfy any

If you have protected your DocumentRoot by Auth, then you can allow your Subfolder by follow:

http://sub.mydomain.com/test/.htaccess:

require all granted
Order allow,deny
Allow from all

继续阅读:.htaccessmagentophp

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9