Im developing an MVC pattern based CMS. I wnat to prevent the direct access to my subfolders and files I have this .htaccess file in the root folder:
php_flag display_errors On
php_value error_reproting 9999
<IfModule mod_rewrite.c>
RewriteEngine on
SetEnv HTTP_MOD_REWRITE On
RewriteBase /lmvc_trunk/
Options -Indexes
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-l
RewriteRule ^(.+)$ index.php?url=$1 [QSA,L]
</IfModule>
The page requests looks like: http://mydoamin.com/pages/details/15 . This will load the "pages" controller and call it's method called "details" and passes the 15 as a parameter (pages_controller->details(15))
The "Options -Indexes" will prevent users from listing for example the /library directory. But if I type http://mydoamin.com/library/Bootstrap.php in the browser it will load the php script. I know if I add an .htaccess file with "deny from all" to a subfolder that will solve this problem, but isn't there any nicer solution than placing this htaccess file to ALL my subfolders? Can I somehow prevent the direct access to subfolders and files from the htaccess in the root?
It would be better if i could redirect direct file and folder requests to index/404 so the user wont even know if there is a folder called e.g /library
Im new to htacces and rewrite. Any solutions?
