You want to restrict root access to your website while allowing specific subdirectories to be accessible. This can be achieved using .htaccess rules. Here’s how to do it:
Understanding the Concept
- .htaccess: This is a distributed configuration file that controls how your web server (Apache) behaves in a specific directory and its subdirectories.
- Blocking Root Access: We’ll use rules to deny access to the main (root) directory of your website.
- Allowing Subdirectories: We’ll then create exceptions for the subdirectories you want to be accessible.
Important Considerations Before You Start:
- Backup: Always, always, ALWAYS back up your existing
.htaccessfile before making any changes. A misconfigured.htaccessfile can break your entire website. - Server Configuration: These rules assume you are using an Apache web server and that
AllowOverride Allis set in your server’s main configuration (httpd.conf or equivalent) for your website’s directory. If not,.htaccessfiles won’t work. - Testing: After implementing, thoroughly test your website to ensure everything works as expected. Clear your browser cache during testing.
Steps to Block Root Access and Allow Selected Subdirectories:
Step 1: Create or Edit Your .htaccess File in the Root Directory
Locate or create an .htaccess file in the root directory of your website (e.g., /public_html/ or /www/).
Step 2: Add the Basic Protection Rule
The core of blocking root access is to deny all requests to the root directory.
# Block all requests to the root directory
RewriteEngine On
RewriteCond %{REQUEST_URI} ^/$
RewriteRule .* - [F,L]
Explanation:
RewriteEngine On: Turns on the rewrite engine.RewriteCond %{REQUEST_URI} ^/$: This condition checks if the requested URI is exactly/(the root).RewriteRule .* - [F,L]: If the condition is met, this rule forbids access (F) and stops processing further rules (L). This will result in a 403 Forbidden error for anyone trying to access your main domain directly (e.g.,yourdomain.com).
Step 3: Allow Specific Subdirectories
Now, you need to create exceptions for the subdirectories you want to be accessible. You’ll place these rules before the general blocking rule, as .htaccess rules are processed from top to bottom.
Let’s say you want to allow access to /blog/, /portfolio/, and /contact/.
# Allow access to specific subdirectories
RewriteEngine On
RewriteRule ^(blog|portfolio|contact)(/.*)?$ - [L]
# Block all requests to the root directory
RewriteCond %{REQUEST_URI} ^/$
RewriteRule .* - [F,L]
Explanation of the Allow Rule:
RewriteRule ^(blog|portfolio|contact)(/.*)?$ - [L]:^: Matches the beginning of the URI.(blog|portfolio|contact): This is a group that matches “blog”, “portfolio”, or “contact”. You can add more subdirectory names separated by|.(/.*)?: This optionally matches anything that comes after the subdirectory name (e.g.,/blog/post1,/portfolio/project-details).-: The requested URI is not rewritten.[L]: This flag tells Apache to stop processing further rules if this rule matches. This is crucial because it prevents the subsequent “block root access” rule from being applied to your allowed subdirectories.
Step 4: Combine the Rules (Full .htaccess Example)
Here’s how your complete .htaccess file in the root directory would look:
# Enable Rewrite Engine
RewriteEngine On
# --- ALLOW SPECIFIC SUBDIRECTORIES ---
# Replace 'blog', 'portfolio', 'contact' with your actual subdirectory names
RewriteRule ^(blog|portfolio|contact)(/.*)?$ - [L]
# --- BLOCK ROOT ACCESS ---
# Deny direct access to the root directory
RewriteCond %{REQUEST_URI} ^/$
RewriteRule .* - [F,L]
# Optional: Redirect index files in root to a specific subdirectory
# If you want yourdomain.com to go to yourdomain.com/blog/
# RewriteCond %{REQUEST_URI} ^/(index\.php|index\.html|index\.htm)?$ [NC]
# RewriteRule ^(.*)$ /blog/ [R=301,L]
Step 5: How to Handle Your Root Content
With these rules, yourdomain.com will result in a 403 Forbidden error. You have a few options for what to do with the content that was originally in your root:
- Move it: Relocate any content (e.g.,
index.php,index.html) from your root directory into one of your allowed subdirectories. - Redirect (Optional): If you want users who visit
yourdomain.comto be automatically redirected to a specific subdirectory (e.g.,/blog/), you can add a redirect rule before the block rule.
# Enable Rewrite Engine
RewriteEngine On
# Optional: Redirect index files in root to a specific subdirectory
# If you want yourdomain.com to go to yourdomain.com/blog/
RewriteCond %{REQUEST_URI} ^/(index\.php|index\.html|index\.htm)?$ [NC]
RewriteRule ^(.*)$ /blog/ [R=301,L]
# --- ALLOW SPECIFIC SUBDIRECTORIES ---
RewriteRule ^(blog|portfolio|contact)(/.*)?$ - [L]
# --- BLOCK ROOT ACCESS ---
RewriteCond %{REQUEST_URI} ^/$
RewriteRule .* - [F,L]
- Note: The
[R=301]flag signifies a permanent redirect. Use[R]for a temporary redirect if you’re just testing.
Example Scenario:
Let’s say your website structure is:
/public_html/
├── .htaccess
├── index.html (you want to block this)
├── about.php (you want to block this)
├── blog/
│ └── index.php
│ └── post1.html
├── products/
│ └── index.html
│ └── item1.php
└── images/
└── logo.png (you want this accessible if linked from allowed subdirs)
And you want to allow /blog/ and /products/.
Your .htaccess would look like:
RewriteEngine On
# Allow access to blog and products directories
RewriteRule ^(blog|products)(/.*)?$ - [L]
# Block direct access to the root directory
RewriteCond %{REQUEST_URI} ^/$
RewriteRule .* - [F,L]
With this,:
yourdomain.com-> 403 Forbiddenyourdomain.com/index.html-> 403 Forbiddenyourdomain.com/blog/-> Accessibleyourdomain.com/blog/post1.html-> Accessibleyourdomain.com/products/-> Accessibleyourdomain.com/images/logo.png-> Will be accessible IF it’s linked from a page within/blog/or/products/. The.htaccessonly denies direct root requests, not requests for files within allowed subdirectories or files that are called from within allowed subdirectories.
By carefully implementing these .htaccess rules, you can effectively secure your website’s root directory while maintaining accessibility for your chosen subdirectories. Remember to test thoroughly after each change!