I have a directory called customers which contains sub-sites for each user. E.g. my directory structure might look like:


customers/
    .htaccess
    UserAccess.php
    foo/
        baz.txt
    bar/
        passwd.txt

I want to prevent customers from being able to access other customers' files. Therefore, I wrote a PHP script which checks the path and prints the file contents or otherwise. However, the script isn't being run; instead Apache is attempting to access the files directly.

My .htaccess within the customers/ directory is:


RewriteEngine on
RewriteRule ^customers/ UserAccess.php

A person would then attempt to access http://mywebsite.com/users/username/file. E.g. http://mywebsite.com/users/foo/baz.txt.

The main point is that http://mywebsite.com/users/username/ is indeed a directory.

How do I fix this to do what I want?

EDIT:


RewriteEngine on
RewriteRule . UserAccess.php

does not work either.

If your URL is like http://example.com/users/... adding:

RewriteCond %{REQUEST_FILENAME} -f

should give good results.

I have set up an example on my computer using the following .htaccess:

RewriteEngine on
RewriteCond %{REQUEST_FILENAME} -f
RewriteRule ^testdir readHTACCESS.php

and it works all right...


To prevent direct access you should use Deny from all for those files except UserAccess.php.

I suppose you need to make use of the mod_rewrite option. Have a look here.

I'll assume that mod_rewrite is up and running on your server, and all we are dealing with is how to use it. :-)

It is best to specify an explicit path to UserAccess.php. Do you know exactly what the "working directory" is for your rewrite rule?

RewriteRule ^/users/ /users/UserAccess.php

I have tested this and it works for me. If it does not for you, then possibly there is a configuration problem that isn't only the rewrite rule. If that is the case, it would be very useful to know what you are seeing in your access.log and error.log.

You could also simplify what's happening in PHP by passing the filename as a variable:

RewriteRule ^/users/(.+\.txt) /users/UserAccess.php?what=$1

This way, you can skip parsing $_SERVER['REQUEST_URI'] and simply test for the existence of the file before delivering it with readfile() or equiv.
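
One way the check in UserAccess.php could look when the filename arrives as ?what=$1, as in the rule above. This is an added example, not the poster's script: it assumes the logged-in customer's name is stored in $_SESSION['username'] and that the script sits in the customers base directory, and resolveCustomerFile() is a hypothetical helper name.

```php
<?php
// UserAccess.php - added example, not the original poster's script.
// Assumptions (not from the page): the logged-in customer's name is stored in
// $_SESSION['username'], and this file sits in the customers' base directory.
declare(strict_types=1);

/**
 * Resolve $requested (e.g. "foo/baz.txt" from ?what=$1) to a real file inside
 * $baseDir/$user, or return null if it does not exist or escapes that directory.
 */
function resolveCustomerFile(string $baseDir, string $user, string $requested): ?string
{
    // Usernames double as directory names, so restrict them to a safe alphabet.
    if (!preg_match('/^[A-Za-z0-9_-]+$/', $user) || strpos($requested, "\0") !== false) {
        return null;
    }
    $userRoot = realpath($baseDir . DIRECTORY_SEPARATOR . $user);
    if ($userRoot === false || !is_dir($userRoot)) {
        return null;
    }
    // realpath() collapses "..", "." and symlinks; false means "no such file".
    $target = realpath($baseDir . DIRECTORY_SEPARATOR . $requested);
    if ($target === false || !is_file($target)) {
        return null;
    }
    // Compare with a trailing separator so "foo" does not match "foobar/...".
    $prefix = $userRoot . DIRECTORY_SEPARATOR;
    return strncmp($target, $prefix, strlen($prefix)) === 0 ? $target : null;
}

// Handle the request only when served by a web server, not when included.
if (PHP_SAPI !== 'cli') {
    session_start();
    $user = $_SESSION['username'] ?? '';
    $what = $_GET['what'] ?? '';
    $file = is_string($what) ? resolveCustomerFile(__DIR__, (string) $user, $what) : null;
    if ($file === null) {
        // Same response for "missing" and "not yours" so existence is not leaked.
        http_response_code(404);
        exit;
    }
    header('Content-Type: text/plain; charset=utf-8');
    header('X-Content-Type-Options: nosniff');
    header('Content-Length: ' . filesize($file));
    readfile($file);
}
```

The check only helps if Apache never serves the files directly, which is what the rewrite rule or the Deny from all suggestion above is for.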

The solution could be that the subfolder (foo in the example) had permissions 700. This triggered a 403 response before the rewrite rule was parsed. I changed the permissions to 701 and everything worked.