I am just starting to use .htaccess files because I am on shared hosting. I tried Google: much about creating a .htaccess file, little about where, how many, do rules cascade, etc.

Here is the map of my site:

/www.mysite.com
|
|   .htaccess 
|   index.php
|   
+---includes
|         config.php
|         functions.php
|         some.class.php
|         database.class.php
|
\---public
    |   .htaccess
    |   index.php
    +---css
    |       
    +---js
    |       
    +---images 
    |       
    +---admin
          index.php       

I am putting the rule that redirects the root of the site (www.mysite.com) to the public folder in the .htaccess file that is located in the root.

RewriteEngine On
RewriteBase / public

In the .htaccess file that is located in the public folder, I am putting the rule that removes "/public/" from the URL (www.mysite.com/public/index.php ==> www.mysite.com/index.php).

RewriteCond %{REQUEST_URI} !^/public/
RewriteRule (.*) /public/$1

I also have the following code to restrict access to the .htaccess file itself and to deny directory listings, along with other (longer) code that denies bots, sets cache options, time zone, etc.

deny from all
Options -Indexes -Multiviews

Do I only need to put that in the root .htaccess file (does it trickle down like CSS)? Does it have to go in the public folder .htaccess file too?

Do I need .htaccess files in ALL my folders (includes, js, etc.)?

In the includes folder .htaccess file I am putting the code:

<Files config.php>
Order Deny,Allow
Deny from all
</Files>

Is that the correct place for that?

Finally I will password protect the admin/index.php .htpasswd and .htaccess files. This is where I will add/delete users.

Any other recommendations are greatly appreciated.

Thank you in advance.

1 Answers

Your /.htaccess will always be processed, and then down the line to the directory of interest (say, where the script is running), each .htaccess is processed in turn. Normally, whatever is set or done in a higher level .htaccess is inherited by lower level .htaccess files (much like CSS). There might be exceptions, but I can't come up with any right now.

When you password protect, it's usually an entire directory and everything beneath it. It might be possible to password protect individual files, but I haven't heard of it. Those files could be protected by access controls in .htaccess.

As a directory inherits its .htaccess-defined settings/protections from above, you only need an .htaccess file in that directory if you want to add or override a setting. For example, you might have Options -Indexes or something, but want visitors to be able to list the contents of a specific directory (and all children) with Options +Indexes in that directory's .htaccess.

RewriteEngine On
RewriteBase / public

I'm not sure what you're trying to do here. I've only seen RewriteBase with one path.

In the .htaccess file that is located in the public folder, I am putting the rule that removes "/public/" from the URL (www.mysite.com/public/index.php ==> www.mysite.com/index.php).

RewriteCond %{REQUEST_URI} !^/public/
RewriteRule (.*) /public/$1

Huh? The real directory includes /public, so you want to rewrite an incoming non-public URI to include public (i.e., add it)? Your code looks fine, if that's your intent.
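
The inheritance described in this answer, applied to the directory layout from the question, as an added example that is not part of the original question or answer. It assumes the host's AllowOverride setting permits these directives; the AuthUserFile path is a placeholder, public/images is an illustrative choice for the override, and denying the whole includes directory rather than only config.php is a choice made for this example.

```apache
# ---- /.htaccess (site root): inherited by every directory below ----
Options -Indexes -MultiViews

# Refuse HTTP requests for .htaccess / .htpasswd here and in all children.
<FilesMatch "^\.ht">
    Order Deny,Allow
    Deny from all
    # Apache 2.4 form of the two lines above: Require all denied
</FilesMatch>

# ---- /includes/.htaccess: adds to what the root file already set ----
# PHP reads these files from disk via include/require, so no browser
# request for anything in this directory needs to succeed.
Order Deny,Allow
Deny from all

# ---- /public/images/.htaccess: overrides one inherited setting ----
# Needed only if listings are wanted here; subdirectories inherit it too.
Options +Indexes

# ---- /public/admin/.htaccess: protects the directory and its children ----
AuthType Basic
AuthName "Admin"
# Placeholder path: keep the password file outside the served tree.
AuthUserFile /path/outside/webroot/.htpasswd
Require valid-user
```

Directories without their own .htaccess (css, js) need none: they pick up the root file's Options and FilesMatch rules unchanged.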