We want to stick our whole site behind HTTPS and only let through requests for /processwire/* pages so that the site acts purely as a CMS, and then we're developing our own front-end page dispatch code using the API.
I've been going mad trying to work out how I need to modify the htaccess file (or indeed the underlying virtual host in apache) so that I can whitelist only /processwire/ pages.
I want anything that starts with /processwire to get through and any other page requests (other than those for resources such as assets, css, javascript etc) to to be forbidden.
In theory it should be simple but I have tried all manner of things and nothing works. Can anyone with a better knowledge of apache help me out?
whitelisting ONLY /processwire/* pages
Started by Rob, Mar 12 2012 07:22 AM
2 replies to this topic
#2
ryan
-
- Administrators
-
- 5,773 posts
-
3118
Hero Member
- LocationAtlanta, GA
Posted 12 March 2012 - 09:27 AM
Rob, how about this?
Place right after your "RewriteEngine On" line.
# block everything except actual files/dirs that exist
# for instance, JS/CSS files used by admin and modules, etc.
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule !^processwire - [F]
# block access to root and /index.php file
# if running site from subdir, replace '/' with '/subdir/'
RewriteCond %{REQUEST_URI} ^(/?$|index.php)
RewriteRule !^processwire - [F]
Place right after your "RewriteEngine On" line.
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
