0

I know there are thousands of thousands questions like this asked, but I can't seem to find an appropriate solution for my problem.

I'm trying to write a download script. The folder structure is like this:

  • __admin/
  • __uploads/
  • index.php
  • .htaccess

This is my .htaccess file:

RewriteEngine on

RewriteCond %{REQUEST_URI} !^/index.php
RewriteRule ^(.*?)$ index.php?file=$1 [QSA,L]

I want to redirect every single request to index.php as a parameter: 

files.domain.com/awesomefile.zip -> files.domain.com/index.php?file=awesomefile.zip

This works as expected, but if I enter http://files.domain.com/__admin or http://files.domain.com/admin (without trailing slash), it gets rewritten to http://files.domain.com/__admin/?file=__admin respectively http://files.domain.com/admin/?file=admin (same with other existing dirs). I know that mod_dir could be the culprit, but setting DirectorySlashes off in .htaccess doesn't have any effect.

  1. How do I get rid of the additional redirect (caused by mod_dir?) which adds the querystring to the URL? I want to completely hide the redirects from the user.
  2. Why does it even affect admin (even though it isn't a directory)?

Edit: I'm sorry for being confusing, here are some examples which hopefully describe better what I mean:

  • User types: http://files.domain.com/file.zip
    User sees: http://files.domain.com/file.zip
    Internal redirect: http://files.domain.com/index.php?file=file.zip
    This is the desired behaviour.

  • User types: http://files.domain.com/admin/ (note the trailing slash)
    User sees: http://files.domain.com/admin/
    Internal redirect: http://files.domain.com/index.php?file=admin/

  • User types: http://files.domain.com/admin
    User sees: http://files.domain.com/admin/?file=admin <-- Why?
    Internal redirect: http://files.domain.com/index.php?file=admin

The last example shows my problem. I want to get rid of the query string which the user shouldn't see!

Improve this question
8
  • It affects everything, you've not specified any conditions, so absolutely every single request is being sent to index.php Commented May 27, 2015 at 13:16
  • Yeah that's what I want, but why is the querystring appended to http://files.domain.com/admin as well? It isn't a directory, and every other request works just fine. Commented May 27, 2015 at 13:38
  • Because you're telling it to. Commented May 27, 2015 at 13:53
  • Could you please be more specific? I'm not telling mod_rewrite to add a querystring in the first place. The redirect with the querystring should be internal, and this is what works as expected, I'm able to get the parameter in my PHP script. But the user shouldn't see anything of it, if he enters files.domain.com/awesomefile.zip, his URL bar still shows exactly the same URL as he typed in, but if he types http://files.domain.com/admin, the querystring appears in his URL bar which shouldn't happen. Commented May 27, 2015 at 13:58
  • I think you are confusing terms. The trailing slash is not a query string. Nothing in your examples shows any additional query string values being appended after ?file=* though you are using the query string append [QSA] flag such that if a URI like admin?foo=bar was passed you would get index.php?file=admin&foo=bar. Not sure if this is desired behavior or not. Your question is confusing though when you are talking about query strings being appended and there are none in your example. Commented May 27, 2015 at 14:02

2 Answers 2

Reset to default
2

You are correct in saying that mod_dir would add a trailing slash if the URI matches a directory name. Thus is you had a URI like /__admin it would get rewritten to /__admin/ since there is a directory of that name. You can control this behavior.

You can change this behavior through the DirectorySlash directive

DirectorySlash Off

Place this before your rewrite rules.

This still doesn't explain your example of /admin having the slash added. I would question whether this is reproducable.

Please note that security warning related to turning off DirectorySlash. You could introduce a security vulnerability.

http://httpd.apache.org/docs/2.2/mod/mod_dir.html

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

1

your rule is set that every request will be directed to the index page so this mean that requests to subfolders will be affected as well, you can specify in the rule what files need to be ignored from the rule like this:

RewriteCond %{REQUEST_URI} !^(/index\.php|_admin)
Improve this answer

1 Comment

RewriteCond %{SCRIPT_FILENAME} !-d would be more elegant than listing out every single folder.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.