Block direct access to a directory and create condition to free access with .htacess

8

I have this for when:

  • Request is not an existing file OR
  • Request ends with .php
RewriteCond %{REQUEST_FILENAME} !-f [OR]
RewriteCond %{REQUEST_FILENAME} \.php$
RewriteRule ^(.*)$ http://login/sites/?request=$1 [L]

I do not understand almost anything about htacess, could anyone help me in addition to block access, release via some condition, eg via GET , or even access $ _ SESSION , access to a folder?

Action: When trying to access a folder, it would be directly redirected to a login page and after logging in, it could freely access the folder through the url.     

asked by anonymous 04.03.2015 / 16:41

2 answers

4

Ideally, you should have a redirect to the index.php page, or another one, which serves as an entry page for the site.

Within this page the validation logic must be placed. If $ _SESSION does not exist when index.php is executed, it will redirect to a login page.

In index.php you can have something of the sort:

$loginURL = "http://www.domain.tld/login.php"; // substituir por URL real
if (session_status() !== PHP_SESSION_ACTIVE) {session_start();}
if (!isset($_SESSION['Login'])) {
  // redirecciona para páginda de login
  header("Location: {$loginURL}");
}
    
29.04.2015 / 15:59
0

See if it helps you, this .htaccess from here we use in our FrameWork:

RewriteEngine On
RewriteCond public/$1 -F
RewriteRule (.+) public/$1 [L]
RewriteCond $0 !^(index\.php|public/)
RewriteRule (.*) index.php/$1 [QSA]

It does this, everything will be directed to index.php but if it is in / public and the file exists, PHP file does not run in / public, it displays, but if the file does not exist it executes index.php

    
20.03.2015 / 13:33