Re: Rewrite not applied?

On Wed, May 21, 2025 at 1:12 PM J Lance Wilkinson <jlw12@xxxxxxx> wrote:


On 5/21/2025 1:07 PM, Frank Gingras wrote:


On Wed, May 21, 2025 at 12:19 PM J Lance Wilkinson <jlw12@xxxxxxx> wrote:
I have a directory /PMHS72/ which contains a few .html and .php files
that I want to present, and all other files in the directory are blocked.

I need to rewrite requests for the files in the directory to redirect
any explicit requests for files in the directory, UNLESS they are those
few whitelisted files, to be sent to one specific one of those
whitelisted .php files as a parameter.

Here's my configuration -- directory and rewrite rules.

     RewriteEngine On
     LogLevel alert rewrite:trace5

     # Allow direct access to whitelisted PHP and HTML files
     RewriteCond %{REQUEST_URI} ^/PMHS72/(index|gateway|verify|CodePreview|wrapper|roster)\.php$ [NC,OR]
     RewriteCond %{REQUEST_URI} ^/PMHS72/(privacy|terms)\.html$ [NC]
     RewriteRule ^ - [L]

     # Rewrite everything else under /PMHS72/ to go through wrapper.php
     #RewriteRule ^PMHS72/(.*)$ /PMHS72/wrapper.php?file=$1 [QSA,L]
     RewriteRule ^/?PMHS72/(.*)$ /PMHS72/wrapper.php?file=$1 [QSA,L]



     <DirectoryMatch "^/var/www/html/PMHS72/?$">
         Options +Indexes
         Require all granted
     </DirectoryMatch>

     <Directory "/var/www/html/PMHS72">
         Require all denied

         # Expose all whitelisted files
         <FilesMatch "^(index|gateway|verify|CodePreview|wrapper|roster)\.php$">
             Require all granted
         </FilesMatch>

         <FilesMatch "^(privacy|terms)\.html$">
             Require all granted
         </FilesMatch>

         DirectoryIndex index.php

     </Directory>

Any attempt to reach /PMHS72/PMHS-72%20Alumni%20Roster.pdf SHOULD be
rewritten to this:

/PMHS72/wrapper.php?file=PMHS-72%20Alumni%20Roster.pdf

Instead I'm getting a server default 403 response, and even though I've
got rewrite set to trace 5 I'm getting NO error log entries.




What context are the rules defined in?  The vhost, directly?
        In the general configuration.  The VHOST is defined but this entire configuration is part of the general definitions outside the vhost block.
If so, RewriteRule ^/? doesn't make sense, as you'll always see the leading slash.
        Likely true.  But DOES IT HURT my requirement?
Lastly, if you have more than one vhost, run apachectl -S and make sure the correct vhost is being accessed / edited.

        Only ONE VHOST defined.    And the entire server is inside a Synology Container Manager (Docker) container with no shell access so I don't have control over the apachectl command.

        One suggestion has been to open up the protection "temporarily" to get the rewrite rules to apply and then lock things down after:

<Directory "/var/www/html/PMHS72">
    Options +Indexes
    AllowOverride None

    # Allow access to trigger rewrite rules, but only internally
    Require all granted

    # Immediately deny access to files not explicitly allowed
    <FilesMatch "^(?!wrapper\.php$|index\.php$|gateway\.php$|verify\.php$|CodePreview\.php$|privacy\.html$|terms\.html$).+$">
        Require all denied
    </FilesMatch>

    DirectoryIndex index.php
</Directory>

Going to try that now.


If you define your rules in the server context, you need to add RewriteOptions inherit in every vhost you want to apply them to. 
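
An added example (not from either poster) of the layout the last reply describes: the thread's rules stay in server context and the virtual host opts in to them, with the deny-by-default `<Directory>` block left as originally posted. The `*:80` listener, the `ServerName` value and the `DocumentRoot` are assumed placeholders.

```apache
# --- Server context (outside any <VirtualHost>) ---
RewriteEngine On

# Whitelisted files pass through untouched (conditions as posted in the thread)
RewriteCond %{REQUEST_URI} ^/PMHS72/(index|gateway|verify|CodePreview|wrapper|roster)\.php$ [NC,OR]
RewriteCond %{REQUEST_URI} ^/PMHS72/(privacy|terms)\.html$ [NC]
RewriteRule ^ - [L]

# Everything else under /PMHS72/ is handed to wrapper.php.
# Outside <Directory>/.htaccess the matched path always starts with "/",
# so the optional "/?" from the original rule is not needed.
RewriteRule ^/PMHS72/(.*)$ /PMHS72/wrapper.php?file=$1 [QSA,L]

# Deny-by-default stays in place; only the whitelisted files are granted.
<Directory "/var/www/html/PMHS72">
    Require all denied
    <FilesMatch "^(index|gateway|verify|CodePreview|wrapper|roster)\.php$">
        Require all granted
    </FilesMatch>
    <FilesMatch "^(privacy|terms)\.html$">
        Require all granted
    </FilesMatch>
    DirectoryIndex index.php
</Directory>

# --- Virtual host (name, port and DocumentRoot are assumptions) ---
<VirtualHost *:80>
    ServerName alumni.example.test
    DocumentRoot "/var/www/html"

    # Rewrite configuration is not inherited by virtual hosts by default:
    # the engine must be switched on here, and Inherit pulls in the
    # server-context conditions and rules defined above.
    RewriteEngine On
    RewriteOptions Inherit
</VirtualHost>
```

Server-context rewriting happens during URL-to-filename translation, before `Require` is evaluated, so once the rules are inherited the authorization check applies to `wrapper.php` rather than to the requested PDF.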
