Develop Reference

mod-rewrite redirect but prevent direct access

I want to redirect all content to:
www.example.com/public/...
but prevent direct access to
www.example.com/public/file1/
www.example.com/public/file2/
etc
The final URL should be:
www.example.com/file1/
I've tried this for redirecting and it works - but I dont know how to prevent direct access:
ReWriteCond %{REQUEST_URI} !/public/
RewriteRule ^(.*) public/$1 [L]

After spending an inordinate amount of time trying to solve this problem, I found that the solution lies with the under-documented REDIRECT_STATUS environment variable.
Add this to the beginning of your top-level /.htaccess code, and also to any .htaccess files you have under it (e.g. /public/.htaccess):
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{ENV:REDIRECT_STATUS} !=200
RewriteRule ^ /public%{REQUEST_URI} [L]
</IfModule>
Now, if the user requests example.com/file1 then they are served the file at /public/file1. However, if they request example.com/public/file1 directly then the server will attempt to serve the file at /public/public/file1, which will fail (unless you happen to have a file at that location).
IMPORTANT:
You need to add those lines to all .htaccess files, not just the top-level one in the web root, because if you have any .htaccess files below the web root (e.g. /public/.htaccess) then these will override the top-level .htaccess and users will again be able to access files in /public directly.
Note about variables and redirects:
Performing a redirect (or a rewrite) causes the whole process to start again with the new URI, so any variables that you set before the redirect will no longer be set afterwards. This is done deliberately, because usually you do not want the final result to depend on how you got there (i.e. whether it was via a direct request or via a redirect).
However, for those special occasions where you do want to know how you got to a particular URI, you can use REDIRECT_STATUS. Also, any environment variables set before the redirect (e.g. with SetEnvIf) will still be available after the redirect, but with REDIRECT_ prefixed to the name of the variable (so MY_VAR becomes REDIRECT_MY_VAR).

Maybe you should clarify what's the expected behaviour when user tries to reach the real URL:
www.example.com/public/file1/
If by prevent you mean forbid, you could add a rule to respond with a 403
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_URI} !/public/
RewriteRule ^(.*)$ /public/$1 [L]
RewriteCond %{REQUEST_URI} /public/
RewriteRule ^(.*)$ / [R=403,L]
</IfModule>
Update: The solution above doesn't work!
I realized my previous solution always throws the 403 so it's worthless. Actually, this is kinda tricky because the redirection itself really contains /public/ in the URL.
The solution that really worked for me is to append a secret query string to the redirection and check for this value on URL's containing /public/:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_URI} !/public/
RewriteRule ^(.*)$ /public/$1?token=SECRET_TOKEN [L]
RewriteCond %{REQUEST_URI} /public/
RewriteCond %{QUERY_STRING} !token=SECRET_TOKEN
RewriteRule ^(.*)$ / [R=403,NC,L]
</IfModule>
This way www.example.com/file1/ will show file1, but www.example.com/public/file1/ will throw a 403 Forbidden error response.
Concerns about security of this SECRET_TOKEN are discussed here: How secure is to append a secret token as query string in a htaccess rewrite rule?
If your URL's are expected to have it's own query string, like www.example.com/file1/?param=value be sure to add the flag QSA.
RewriteRule ^(.*)$ /public/$1?token=SECRET_TOKEN [QSA,L]

htaccess subdomain rewrite without a redirect

Using htaccess Rewrite, I want my url http://*.phoneataxi.com/ (where * is a wildcard, excluding 'www') to show in the address bar as is but get information from http://*.phoneataxi.com/test.php?c=*.
I have tried so many different things but nothing is doing exactly what I need. Most examples are redirecting the subdomain to the '/test.php' file in the address bar which I don't want to do.
I'm trying not to have to create individial subdomains and subdomain folders within my webroot.
Ideas?

I use this htaccess file to make Apache act as a proxy for another host:
IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_HOST} ^ghost\.pileborg\.se$
RewriteRule (.*) http://vps.pileborg.se/ghost/$1 [P]
</IfModule>
It causes all access to http://ghost.pileborg.se/ to be "redirected" to http://vps.pileborg.se/ghost/.

UPDATE (2020)
Some of the answers regarding this topic is very old and no longer work as expected.
After searching for hours on something that actually works, this is what I came up with; edit as you see fit:
RewriteEngine on
RewriteBase /
RewriteCond %{HTTP_HOST} ([a-z0-9]+)\.
RewriteRule ^(.*)$ - [E=BASE:%1]
RewriteCond %{DOCUMENT_ROOT}/%{ENV:BASE}/index.php -f
RewriteRule ^(.*)$ %{ENV:BASE}/index.php [L,NC,QSA]
RewriteCond %{DOCUMENT_ROOT}/%{ENV:BASE}/index.html -f
RewriteRule ^(.*)$ %{ENV:BASE}/index.html [L,NC,QSA]
Breakdown
Make sure that the rewrite module is installed and enabled on your host
first we turn the rewrite engine on and set the path-base
then isolate the subdomain - any letters/numbers before the first dot
set a variable in this runtime environment that contains the subdomain
check if the subdomain folder and index-file exists
if it does exist -then use that file as the request-handler (no redirect)
if it does not exist then the request carries on normally
Flags
The flags used here are explained here, but the ones used above are quite simple:
[L] Last rule, ignore the rest
[NC] No Case, no uppercase/lowercase restrictions
[QSA] I remember this as "Query String Attach" :D

Kohana: Completely remove index.php from url (not repeated issue)

===== CLARIFICATION =====
Please note this, there are hundred of answers to posts similar to this one, but people only cover a part of the problem, not the real one i'm asking here.
=====
I'm using Kohana 3.2, and i want to completely remove index.php from the url. For example, i want to access to the controller foo, action bar.
Normally, with bootstrap and htaccess correctly setted up, i can access like this:
www.domain.com/foo/bar.
But i can also access like this:
www.domain.com/index.php/foo/bar
I want to allow users to ONLY access like the first way, and not like the second way.
I have this section in bootstrap.php:
Kohana::init(array(
'base_url' => '/',
'index_file' => '',
));
i tried taking off index_file line, changing its value to FALSE, and i am still able to access foo/bar both ways.
I think the solution is modifying htaccess, but i tried some changes and it isnt working as i want. I'm using the original htaccess which came with kohana:
# Turn on URL rewriting
RewriteEngine On
# Installation directory
RewriteBase /knisu/
# Protect hidden files from being viewed
<Files .*>
Order Deny,Allow
Deny From All
</Files>
# Protect application and system files from being viewed
RewriteRule ^(?:application|modules|system)\b.* index.php/$0 [L]
# Allow any files or directories that exist to be displayed directly
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
# Rewrite all other URLs to index.php/URL
RewriteRule .* index.php/$0 [PT]
Any help would be appreciated :)
EDIT:
I found an answer that could make it work in another post:
# Redirect from:
# http://localhost/index.php/welcome
# to
# http://localhost/welcome
#
RewriteCond %{REQUEST_FILENAME} -f
RewriteRule ^index\.php/?(.*)?$ $1 [R,L]
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ ?/$1 [L]
The thing is, the author says: "this works but the problem is with the files and dirs that exists he must put the complete path for the images, css, js, etc... I will fix later"
May be that helps to find the final solution?

I think using the original htaccess is better, but with improvements.
After the...
RewriteRule ^(?:application|modules|system)\b.* index.php/$0 [L]
This should do the redirection of the "index.php/",
# Redirect any "index.php/user/profile/" to "/user/profile/"
RewriteRule ^index.php/(.*)$ /$0 [L,R=302]
In my experience, passing css/js through controllers slower than pure apache/nginx request.

Htaccess rule to make urls like this ?page=1 look like /page/1 in Codeigniter

This is how my urls currently look:
http://mysite.com/?page=1
How can I make this work?:
http://mysite.com/page/1
There is a post on StackOverflow that asks the same question. But the accepted solution isn't working for me. Because I am using Codeigniter and my page results in a 404 perhaps because since the url pattern of a CI site is:
domain/controller/method
The system is assuming that I am requesting a controller called "page" and a method called "1" both of which of course doesn't exist. Or maybye it's due to a conflict with the other code in my htaccess file (which I downloaded from the CI wiki, it gets rid of index.php and does a few security things). Here is my entire htaccess file:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
#Removes access to the system folder by users. Additionally this will allow you to create a System.php controller, 'system' can be replaced if you have renamed your system folder.
RewriteCond %{REQUEST_URI} ^system.*
RewriteRule ^(.*)$ /index.php?/$1 [L]
#When your application folder isn't in the system folder. This snippet prevents user access to the application folder. Rename 'application' to your applications folder name.
RewriteCond %{REQUEST_URI} ^application.*
RewriteRule ^(.*)$ /index.php?/$1 [L]
#Checks to see if the user is attempting to access a valid file, such as an image or css document, if this isn't true it sends the request to index.php
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php?/$1 [L]
#Pretty urls for pagination links
RewriteRule (.*) index.php?page=$1
</IfModule>
The non indented bit is the solution I got from that other SO question that isn't working for me.
Any solutions to this CI pagination issue?
UPDATE
Ok, read some of the docs and now I have this working:
http://mysite.com/home/index/2
What would be the htaccess rule to turn that into?:
http://mysite.com/page/2

You should make this configuration at /application/config/routes.php (and let the .htaccess just for hide the index.php as you are already doing).
$route['page/(:any)'] = 'home/index/$1';
Or better, like #zaherg remembered (ensures that only numbers could by matched):
$route['page/(:num)'] = 'home/index/$1';
This way all the requests to http://mysite.com/page/2 will be treated internally as http://mysite.com/home/index/2 and so forth.
I suggest you take a look at CodeIgniter User Guide - URI Routing and CodeIgniter User Guide - Tutorial − Introduction.
Good luck.

RewriteEngine on
RewriteCond $1 !^(index\.php|images|robots\.txt)
RewriteRule ^(.*)$ /index.php/$1 [L]
from CodeIgniter docs
That will handle removing the index.php, but what happens after that depends how CodeIgniter's query string handling is set up: it can be configured to use a query string rather than a path. See the link for more details.

mod_rewrites .htaccess not working with godaddy hosting (linux)

On my site www.sqcp.com in testing on another linux server, all worked as it should. However since moving it to godaddy, the mod_rewrites haven't been working, therefore none of the other pages have been accessible. Even if I create a blank directory/folder in the what it's trying to tidy the url to it then works for that page (obviously isn't a fix).
So any help would be great here my .htaccess file.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ / [L,R=301]
RewriteRule (.*)/{2,}$ /$1/ [L,R=301]
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{THE_REQUEST} ^GET\ /[^?\s]+\.php
RewriteRule (.*)\.php$ /$1/ [L,R=301]
RewriteRule ^(.*)/(\d{4}\-\d{2}\-\d{2}\-[a-zA-Z0-9\-_]+)$ $1?s=$2 [L]
RewriteRule ^(.*/)?staff.php/([a-zA-Z0-9\-_]+) $1staff.php?s=$2 [L]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule (.*)/$ $1.php [L]
RewriteCond %{REQUEST_FILENAME}/index.php !-f
RewriteRule (.*)/$ $1 [L]
</IfModule>

Godaddy run a perfectly good shared hosting service, addressing a large market sector -- users who want an active site (that is with some scripting) but without the cost or complexity of paying for or having the expertise to administer their own Linux VM. This isn't a GoDaddy problem. Its yours.
So first get to understand the environment that you are running under by running a phpinfo script, and make sure it creates the variables that you use. As far as I can see on your example:
Rules 1-3 are 301 redirections to enforce some request naming convention.
Rule 1 redirects /index.php to /
Rule 2 collapses trailing multiple / to a single /
Rule 3 rewrites GET requests for *.php to *.php/
Rules 4-6 map public URIs to internal ones
Rule 4 rewrites /*/yyyy-mm-dd-word to *?s=yyyy-mm-dd-word (note no QSA)
Rule 5 seems to be attempting to rewrite /*/staff.php/word to /*/staff.php?s=word but the syntax is wrong for this.
Rule 6 replaces any trailing / by .php on redirection
Rule 7 strips any trailing '/' unless the uri is a directory with an index.php (I assume that you are assuming a DirectoryIndex index.php (is this the case for GoDaddy?)
This is all hopelessly confused. Are you hiding or exposing the .php extension? Because Rule 3,5 and 6 are inconsistent. And rule 5 would seem more logical as
RewriteRule ^(.*?)/staff.php/([a-zA-Z0-9\-_]+) $1/staff.php?s=$2 [L]
Go back to the drawing board and work out what you are trying to do with your htaccess rules; what you want your public URI grammar to be; how your scripts are laid out; what redirects you want to pass back to the client browser and which you want Apache to handle as internal rewrites and what extra conditions are needed to prevent looping and misfiring. Make sure this makes sense and then debug them by building up your .htaccess file one rule at a time and using test requests to exercise each rule in turn to validate what its doing.

Trying adding the following at the start of your htaccess file. I had the same problem getting rewrites to work on GoDaddy which worked everywhere else:
Options -Multiviews