My application has the following structure:
…/public_html/ (application root)
…/public_html/www_root/ (my webroot folder containing all images, css, js etc along with my front controller index.php)
I have an .htaccess file in both of these folders. My first .htaccess file is a lot more comprehensive regarding rules etc but essentially will forward all requests to my www_root/ folder:
<IfModule mod_rewrite.c>
# Follow all symbolic links but do not index directories
Options +FollowSymlinks -Indexes
# Turn the rewrite engine on
RewriteEngine On
# Turn the server signature off
ServerSignature Off
# Protect against DOS attacks by limiting file upload size
LimitRequestBody 10240000
# Do not allow access to any .ht file
<FilesMatch "^\\.ht">
Order allow,deny
Deny from all
Satisfy All
</FilesMatch>
# Protect the php.ini file:
<files *.ini>
order allow,deny
deny from all
</files>
# Ensure all URL's is processed using the www. (SEO, Not for development purposes)
RewriteCond %{HTTP_HOST} !^www\\. [NC] [OR]
RewriteCond %{HTTP_HOST} !^localhost [NC] [OR]
RewriteCond %{HTTP_HOST} !^testdomain.com [NC]
RewriteRule ^ http://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
#dont send the apache error document, but rather send the not found to index.php
ErrorDocument 404 index.php
# Send a forbidden request to some known web spiders
RewriteCond %{HTTP_USER_AGENT} ^Anarchie [OR]
RewriteCond %{HTTP_USER_AGENT} ^ASPSeek [OR]
RewriteCond %{HTTP_USER_AGENT} ^attach [OR]
RewriteCond %{HTTP_USER_AGENT} ^autoemailspider [OR]
RewriteCond %{HTTP_USER_AGENT} ^Xaldon\\ WebSpider [OR]
RewriteCond %{HTTP_USER_AGENT} ^Xenu [OR]
RewriteCond %{HTTP_USER_AGENT} ^Zeus
RewriteRule ^.* - [F,L]
# Rewrite all empty requests to www_root/
RewriteRule ^$ www_root/ [L]
# Rewrite all requests except selected filenames to www_root
RewriteCond %{REQUEST_URI} !^.*\\.(gif|jpg|png|ico|css|js|swf|wav|mp3|less|cur)$
RewriteRule (.*) www_root/$1 [L]
</IfModule>
<IfModule !mod_rewrite.c>
<IfModule mod_alias.c>
# When mod_rewrite is not available, we instruct a temporary redirect of
# the startpage to the front controller explicitly so that the website
# and the generated links can still be used.
RedirectMatch 302 ^/$ /index.php/
# RedirectTemp cannot be used instead
</IfModule>
</IfModule>
My .htaccess file in my www_root/ folder sends all requests to the index.php file:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ index.php [QSA,L]
</IfModule>
<IfModule !mod_rewrite.c>
<IfModule mod_alias.c>
# When mod_rewrite is not available, we instruct a temporary redirect of
# the startpage to the front controller explicitly so that the website
# and the generated links can still be used.
RedirectMatch 302 ^/$ /index.php/
# RedirectTemp cannot be used instead
</IfModule>
</IfModule>
Now as my front controller resides in the www_root/ folder (…/public_html/www_root/index.php) it essentially is now the base path of all html requests, so when I have something like <img src=‘images/someimage.jpg’ />, will that request process both my .htaccess files or will it only process the .htaccess file located in my www_root/ folder? The reason being is that I do not want to duplicate all rules in both .htaccess files, but fear that not doing that may cause all “html” requests to not read or be filtered with the rules in my application root folder?
Also, not knowing better, is there a better or more efficient way to achieve the above? I have collected these rules over years so I am not sure if some of them are overkill