How to add exceptions to .htaccess redirect rule
How to add exceptions to .htaccess redirect rule
I'm absolutely unknowledgeable of Apache .htaccess
language and to be frank, I presently don't have time to look into it.
.htaccess
I have divided my website to following directories:
/My-Website
/admin
/public
To me, it seems like a good practice to separate the administration portal from the public website with distinctive folders. Admin is where the administration updates the contents and public is, well, public.
However, this way, I face two key problems:
/public
/admin
mywebsite.com
/public
mywebsite.com/admin
mywebsite.com/admin/may_be_sensitive.xml
I'm quite open to suggestions even if it means that I need to re-organize my entire website in a different structure.
1 Answer
1
You don't need any redirection.
/public should be the root, so the public portion of your website would be visible at https://example.com
/admin should be a subdirectory off public (your webroot) like https://example.com/admin, and should be secured with an appropriate authentication process like basic auth, a one-time token or some other form of secure auth.
It's possible to secure the admin folder with a .htaccess file but it's more secure to do in the server configuration file if you have access to it.
From: http://httpd.apache.org/docs/current/howto/auth.html
<Directory "/usr/local/apache/htdocs/secret">
AuthType Basic
AuthName "Restricted Files"
AuthUserFile "/usr/local/apache/passwd/passwords"
</Directory>
The password file is created with the htpasswd utility.
By clicking "Post Your Answer", you acknowledge that you have read our updated terms of service, privacy policy and cookie policy, and that your continued use of the website is subject to these policies.
Why is this tagged javascript?
– riv
Jul 2 at 19:36