I am (learning) implementing a Front Controller pattern, redirecting all requests to index.php and appending as a query string (to be parsed later by PHP) via a mod_rewrite rule in httpd.conf, below:
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ /index.php/$1 [NC,L]
Problem 1: This is also redirecting needed existing files, such as domain.com/css/main.css. Shouldn't !-d and !-f be preventing this?
Problem 2: I want to block access (403) to certain directories and their contents -- domain.com/css/*, domain.com/js/*, etc -- unless the request comes from domain.com.
Exposition
I have the following rule to block requests based on HTTP_REFERER (from a blog, can't find the link...), which by itself blocks all user requests:
RewriteCond %{HTTP_HOST}@@%{HTTP_REFERER} !^([^@]*)@@https?://\1/.*
RewriteRule ^.*$ - [F]
I want to add another condition, checking if REQUEST_URI is for anything in those directories, but am having trouble getting it to work. If I add the below:
RewriteCond %{REQUEST_URI} /?.*(css|js)/?.* [NC]
Then everything is redirected; without it, everything is blocked. So, the full mod_rewrite set is as below:
RewriteCond %{REQUEST_URI} /?.*(css|js)/?.* [NC]
RewriteCond %{HTTP_HOST}@@%{HTTP_REFERER} !^([^@]*)@@https?://\1/.*
RewriteRule ^.*$ - [F]
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ /index.php/$1 [NC,L]
Any assistance will be greatly appreciated; I've been searching for an answer all day.
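Added example, not part of the original post: the two RewriteCond patterns from the post, evaluated in Python against constructed requests to show which URI, Host and Referer combinations reach the `[F]` rule. The `example.test` hostnames, the sample paths and the function names are assumptions; Python's `re` stands in for Apache's PCRE, which treats these two patterns the same way.

```python
import re

# The two RewriteCond patterns, copied verbatim from the post.
URI_COND = re.compile(r"/?.*(css|js)/?.*", re.IGNORECASE)   # [NC] flag
REFERER_COND = re.compile(r"^([^@]*)@@https?://\1/.*")      # applied negated (!)

def uri_cond(uri):
    """RewriteCond %{REQUEST_URI}: true if the pattern matches anywhere."""
    return URI_COND.search(uri) is not None

def referer_cond(host, referer):
    """RewriteCond %{HTTP_HOST}@@%{HTTP_REFERER} with '!': true if NOT matched."""
    return REFERER_COND.search(f"{host}@@{referer}") is None

def is_forbidden(uri, host, referer):
    """Consecutive RewriteCond lines are ANDed; both true means 403 via [F]."""
    return uri_cond(uri) and referer_cond(host, referer)

# Constructed sample requests: (uri, Host header, Referer header).
SAMPLES = [
    ("/css/main.css", "example.test", "https://example.test/index"),  # same site
    ("/css/main.css", "example.test", ""),                  # no Referer sent
    ("/js/app.js", "example.test", "https://other.test/page"),
    ("/js/app.js", "example.test", "http://example.test.other.test/"),
    ("/css/main.css", "example.test", "https://example.test"),  # no trailing slash
    ("/about", "example.test", ""),                         # URI cond is false
    ("/api/jsonp", "example.test", ""),                     # "js" inside a word
]

if __name__ == "__main__":
    for uri, host, referer in SAMPLES:
        verdict = "403" if is_forbidden(uri, host, referer) else "pass"
        print(f"{verdict}  uri={uri!r} host={host!r} referer={referer!r}")
```

Because the URI pattern is unanchored and every part except `(css|js)` is optional, it is true for any path that contains "css" or "js" anywhere, not only for paths under those two directories.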