1

Common problem, but too complicated for me.

Here are the requirements I am trying to meet:

  1. The root URL http://example.com should be redirected to http://www.example.com
  2. All URLs like http://example.com/c/1234567890 should be redirected to http://www.example.com/c/1234567890 (notice the "c" fake subdirectory)
  3. When entered http://example.com/index.php one should be redirected to http://www.example.com (no trailing slashes)
  4. On top of that I'm trying but failing to secure a subfolder "xy" from direct access exept from php files in root and javascript files.

I searched a lot and tried a lot of rewrite conditions and rules, but htaccess+regex is just from another planet for me. :/ Sorry if this is a duplicate…

Paul
  • 26,170
  • 12
  • 85
  • 119
Tobias
  • 319
  • 3
  • 16
  • Are there addresses in http://example.com/[something] that should not redirect to http://www,example.com/[something] ? I ask because the usual way of meeting the first requirement can redirect all associated paths, not just the top. – Paul Jul 15 '13 at 06:26
  • Hey, there will be no addresses like example.com/[something] just example.com/search?=xy. Everything else contains the fake subfolder "c" which means it will be example.com/c/[something] – Tobias Jul 15 '13 at 06:32
  • So if no one looked for "c" but just redirected everything from example.com to www.example.com, preserving what comes after the slash, that takes care of #1 and #2, right? Is this also true for #3? Not as written... Is #3 correct, you want example.com/index.php to go to www.example.con with no / and also no /index.php? or do you want example.com/index.php to go to www.example.com/index.php ? If you decide #3 is wrong, you can click edit and revise it. – Paul Jul 15 '13 at 06:33
  • I haven't actually done one of these in a while, so I'll let someone else take a stab at it. #4 is harder than 1-3. The trivial but amateurish way is to check the REFERER field that is filled in by web browsers (like IE or Chrome or Firefox) and sent to the server, to see if it matches the domain name for the page. It would block average curious people from visiting the folder directly with their browser. It does not block scripts that use various tools, because all the fields that would come from a web browser can be faked by the tool. CSRF tokens are better, but are more involved. – Paul Jul 15 '13 at 06:45
  • I hope I unerstand you right :) If somebody types the url with "index.php" at the end, it should strip the "index.php" and redirect to www.example.com – Tobias Jul 15 '13 at 06:48
  • Or maybe I could solve #4 via PHP? – Tobias Jul 15 '13 at 06:49
  • Yes, you can get the referer field within PHP, perhaps with $_SERVER['HTTP_REFERER']; see also http://stackoverflow.com/questions/1864583/get-original-url-referer-with-php – Paul Jul 15 '13 at 06:52
  • Ok, sounds good, thanks. I'll keep on trying with #1–#4 then. – Tobias Jul 15 '13 at 06:54

1 Answers1

2

These would be in the htaccess file in your document root. Turn on the rewrite engine

RewriteEngine On

For 1 and 2: redirect to "www" if root request or request for /c/(something)

RewriteCond %{HTTP_HOST} ^example\.com$ [NC]
RewriteRule ^(c/.+)?$ http://www.example.com%{REQUEST_URI} [L,R=301]

For 3: redirect direct requests for /index.php to just /

RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /index\.php
RewriteRule ^ / [L,R=301]

For 4: forbid direct access to anything in the /xy/ directory.

RewriteCond %{HTTP_REFERER} !http://(www\.)?example\.com/ [NC]
RewriteRule ^xy/ - [L,F]
Jon Lin
  • 142,182
  • 29
  • 220
  • 220
  • Thank you very much for your answer! I tried 1–3 now but somehow only the redirect from [example.com] to [www.example.com] and the removal of the trailing slashes [/] if on root works nicely. Don't know if I'm missing something… – Tobias Jul 16 '13 at 00:09
  • #4 is redundant by now, since I need access to the folder [xy] via Ajax anyhow. Should I delete it from my initial question? – Tobias Jul 16 '13 at 01:19