On 5/21/2025 1:07 PM, Frank Gingras wrote:
On Wed, May 21, 2025 at 12:19 PM J Lance Wilkinson <jl...@psu.edu> wrote:
I have a directory /PMHS72/ which contains a few .html and .php files
that I want to present, and all other files in the directory are
blocked.
I need to rewrite requests for the files in the directory to redirect
any explicit requests for files in the directory, UNLESS they are those
few whitelisted files, to be sent to one specific one of those
whitelisted .php files as a parameter.
Here's my configuration -- directory and rewrite rules.
RewriteEngine On
LogLevel alert rewrite:trace5
# Allow direct access to whitelisted PHP and HTML files
RewriteCond %{REQUEST_URI} ^/PMHS72/(index|gateway|verify|CodePreview|wrapper|roster)\.php$ [NC,OR]
RewriteCond %{REQUEST_URI} ^/PMHS72/(privacy|terms)\.html$ [NC]
RewriteRule ^ - [L]
# Rewrite everything else under /PMHS72/ to go through wrapper.php
#RewriteRule ^PMHS72/(.*)$ /PMHS72/wrapper.php?file=$1 [QSA,L]
RewriteRule ^/?PMHS72/(.*)$ /PMHS72/wrapper.php?file=$1 [QSA,L]
<DirectoryMatch "^/var/www/html/PMHS72/?$">
Options +Indexes
Require all granted
</DirectoryMatch>
<Directory "/var/www/html/PMHS72">
Require all denied
# Expose all whitelisted files
<FilesMatch "^(index|gateway|verify|CodePreview|wrapper|roster)\.php$">
Require all granted
</FilesMatch>
<FilesMatch "^(privacy|terms)\.html$">
Require all granted
</FilesMatch>
DirectoryIndex index.php
</Directory>
Any attempt to reach /PMHS72/PMHS-72%20Alumni%20Roster.pdf SHOULD be
rewritten to this:
/PMHS72/wrapper.php?file=PMHS-72%20Alumni%20Roster.pdf
Instead I'm getting a server default 403 response, and even though I've
got rewrite set to trace 5 I'm getting NO error log entries.
What context are the rules defined in? The vhost, directly?
In the general configuration. The VHOST is defined but this
entire configuration is part of the general definitions outside the
vhost block.
If so, RewriteRule ^/? doesn't make sense, as you'll always see the
leading slash.
Likely true. But DOES IT HURT my requirement?
Lastly, if you have more than one vhost, run apachectl -S and make
sure the correct vhost is being accessed / edited.
Only ONE VHOST defined. And the entire server is inside a
Synology Container Manager (Docker) container with no shell access so I
don't have control over the apachectl command.
One suggestion has been to open up the protection "temporarily"
to get the rewrite rules to apply and then lock things down after:
<Directory "/var/www/html/PMHS72">
Options +Indexes
AllowOverride None
# Allow access to trigger rewrite rules, but only internally
Require all granted
# Immediately deny access to files not explicitly allowed
<FilesMatch "^(?!wrapper\.php$|index\.php$|gateway\.php$|verify\.php$|CodePreview\.php$|privacy\.html$|terms\.html$).+$">
Require all denied
</FilesMatch>
DirectoryIndex index.php
</Directory>
Going to try that now.
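
Added example, not part of the original message: a Python check that evaluates the two FilesMatch access schemes quoted above, plus the RewriteCond pass-through, against a list of file names, so differences between the allowlist and the negative-lookahead form show up before deployment. It assumes FilesMatch is tested against the file's base name and uses Python's re module as a stand-in for Apache's PCRE matching; the sample names are constructed.

```python
import re

# Patterns copied from the two <FilesMatch> configurations in the message.
ALLOW_PATTERNS = [
    r"^(index|gateway|verify|CodePreview|wrapper|roster)\.php$",
    r"^(privacy|terms)\.html$",
]
DENY_PATTERN = (
    r"^(?!wrapper\.php$|index\.php$|gateway\.php$|verify\.php$"
    r"|CodePreview\.php$|privacy\.html$|terms\.html$).+$"
)
# The RewriteCond pass-through patterns carry [NC], so they ignore case.
REWRITE_PASS = [
    r"^/PMHS72/(index|gateway|verify|CodePreview|wrapper|roster)\.php$",
    r"^/PMHS72/(privacy|terms)\.html$",
]

def granted_original(name):
    """First config: 'Require all denied' unless an allow FilesMatch hits."""
    return any(re.search(p, name) for p in ALLOW_PATTERNS)

def granted_proposed(name):
    """Second config: 'Require all granted' unless the deny FilesMatch hits."""
    return re.search(DENY_PATTERN, name) is None

def passes_rewrite(name):
    """True when the RewriteCond pair leaves /PMHS72/<name> unrewritten."""
    uri = "/PMHS72/" + name
    return any(re.search(p, uri, re.IGNORECASE) for p in REWRITE_PASS)

def audit(names):
    """Return rows (name, original, proposed, rewrite pass-through)."""
    return [(n, granted_original(n), granted_proposed(n), passes_rewrite(n))
            for n in names]

# Constructed sample file names; only the first three appear in the message.
SAMPLES = ["wrapper.php", "roster.php", "PMHS-72 Alumni Roster.pdf",
           "INDEX.PHP", "index.php.bak", ".htaccess"]

if __name__ == "__main__":
    for name, orig, prop, rw in audit(SAMPLES):
        flag = "" if orig == prop else "  <-- configs disagree"
        print(f"{name!r:32} original={orig!s:5} proposed={prop!s:5} "
              f"unrewritten={rw!s:5}{flag}")
```

Run against these samples, the two schemes disagree only on roster.php, which the allowlist grants and the lookahead pattern denies, and INDEX.PHP passes the case-insensitive RewriteCond while both case-sensitive FilesMatch schemes deny it.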