whitelisting ONLY /processwire/* pages

[Rob]

We want to stick our whole site behind HTTPS and only let through requests for /processwire/* pages so that the site acts purely as a CMS, and then we're developing our own front-end page dispatch code using the API.

I've been going mad trying to work out how I need to modify the htaccess file (or indeed the underlying virtual host in apache) so that I can whitelist only /processwire/ pages.

I want anything that starts with /processwire to get through and any other page requests (other than those for resources such as assets, css, javascript etc) to to be forbidden.

In theory it should be simple but I have tried all manner of things and nothing works. Can anyone with a better knowledge of apache help me out?

[ryan]

Rob, how about this?

# block everything except actual files/dirs that exist
# for instance, JS/CSS files used by admin and modules, etc.

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule !^processwire - [F]

# block access to root and /index.php file
# if running site from subdir, replace '/' with '/subdir/'

RewriteCond %{REQUEST_URI} ^(/?$|index.php)
RewriteRule !^processwire - [F]

Place right after your "RewriteEngine On" line.

[Rob]

Finally got round to trying this, works a treat.

I've never quite mastered the black art of Apache Rewrite so you've done me a big favour.

Thanks!