Allow one php file access.

Discussion in 'Setting-up protection' started by illicious, Mar 31, 2020.

  1. illicious

    illicious aMember Pro Customer

    Joined:
    Mar 11, 2020
    Messages:
    7
    Hi, is there a way to allow one php read access in a protected directory?

    For example:

    www.mysite.com/members/rss.php

    I would like to pull some info off the protected members folder and display it on mysite.com.
    Im using new-rewrite plugin to protect /members using this:

    #### Rules that should be added
    RewriteCond %{REQUEST_URI} !^/rss.php$
    RewriteRule ^(.*)$ - [L]
    ####

    It doesn't seem to allow access and i get a redirect to amember login.

    If it cannot be done then no problem, ill try something else.
  2. illicious

    illicious aMember Pro Customer

    Joined:
    Mar 11, 2020
    Messages:
    7
    So many similar looking files, directories and pages i got a few things mixed up.
    This is the working one:

    #### Rules that should be added
    RewriteCond %{REQUEST_URI} rss.php$
    RewriteRule ^(.*)$ - [L]
    ####
  3. illicious

    illicious aMember Pro Customer

    Joined:
    Mar 11, 2020
    Messages:
    7
    Correction..
    This doesn't work.
    It allows the single php file read access but the rest of the protected directory receives a page not working screen.
  4. caesar

    caesar aMember Pro Developer Staff Member

    Joined:
    Oct 16, 2009
    Messages:
    2,193
    Hello,

    Can you show me full content of your .htaccess file?

    Thanks.
  5. illicious

    illicious aMember Pro Customer

    Joined:
    Mar 11, 2020
    Messages:
    7
    htaccess of sub directory mysite.com/members:
    /members is AVS tube script, my site is wp.

    Code:
    ########### AMEMBER START #####################
    Options +FollowSymLinks +Indexes
    RewriteEngine On
    
    # if cookie is set and file exists, stop rewriting and show page
    RewriteCond %{HTTP_COOKIE} amember_nr=([a-zA-Z0-9]+)
    RewriteCond /home/myacc/public_html/mysite.com/amember/data/new-rewrite/%1-1 -f
    RewriteRule ^(.*)$ - [S=3]
    
    # if cookie is set but folder file does not exists, user has no access to given folder
    RewriteCond %{HTTP_COOKIE} amember_nr=([a-zA-Z0-9]+)
    RewriteCond /home/myacc/public_html/mysite.com/amember/data/new-rewrite/%1-1 !-f
    RewriteRule ^(.*)$ https://www.mysite.com/amember/no-access/folder/id/1?url=%{REQUEST_URI}?%{QUERY_STRING}&host=%{HTTP_HOST}&ssl=%{HTTPS} [L,R]
    
    #### Rules that should be added
    RewriteCond %{REQUEST_URI} rss.php$
    RewriteRule ^(.*)$ - [L]
    ####
    ## if user is not authorized, redirect to login page
    # BrowserMatch "MSIE" force-no-vary
    RewriteCond %{QUERY_STRING} (.+)
    RewriteRule ^(.*)$ https://www.mysite.com/amember/protect/new-rewrite?f=1&url=%{REQUEST_URI}?%1&host=%{HTTP_HOST}&ssl=%{HTTPS} [L,R,B]
    RewriteRule ^(.*)$ https://www.mysite.com/amember/protect/new-rewrite?f=1&url=%{REQUEST_URI}&host=%{HTTP_HOST}&ssl=%{HTTPS} [L,R]
    ########### AMEMBER FINISH ####################
    
    # Comment the 2 lines below if the server returns 500 errors!
    Options -Indexes
    Options +FollowSymLinks
    
    #Uncomment following lines if you want to use image caching!
    #<IfModule mod_expires.c>
    #  ExpiresActive On
    #  ExpiresDefault A1209600
    #  ExpiresByType text/html A1
    #</IfModule>
    
    # Uncomment following lines if Apache doesnt support MultiViews!
    
    RewriteEngine on
    RewriteCond %{HTTPS} off
    RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
    
    <IfModule mod_rewrite.c>
            # RewriteEngine On
       
        # Uncomment the 2 lines below if you are using www.domain.com
        # as the baseurl for the site and users access your site
        # via domain.com (THIS IS REQUIRED FOR JQUERY TO WORK)
       
         RewriteCond %{HTTP_HOST} ^mysite.com/members/ [NC]
         RewriteRule ^(.*)$ https://www.mysite.com/members/$1 [L,R=301]
    
        RewriteCond %{REQUEST_FILENAME} !-f
        RewriteCond %{REQUEST_FILENAME} !-d
        RewriteRule .* loader.php [L,QSA]
    
    </IfModule>
    
    <Files 403.shtml>
    order allow,deny
    allow from all
    </Files>
    
    # php -- BEGIN cPanel-generated handler, do not edit
    # Set the “alt-php73” package as the default “PHP” programming language.
    <IfModule mime_module>
      AddHandler application/x-httpd-alt-php73 .php .php7 .phtml
    </IfModule>
    # php -- END cPanel-generated handler, do not edit
  6. caesar

    caesar aMember Pro Developer Staff Member

    Joined:
    Oct 16, 2009
    Messages:
    2,193
    Please replace it with this code:

    Code:
    ########### AMEMBER START #####################
    Options +FollowSymLinks +Indexes
    RewriteEngine On
    
    RewriteRule ^rss.php$ - [L]
    
    # if cookie is set and file exists, stop rewriting and show page
    RewriteCond %{HTTP_COOKIE} amember_nr=([a-zA-Z0-9]+)
    RewriteCond /home/myacc/public_html/mysite.com/amember/data/new-rewrite/%1-1 -f
    RewriteRule ^(.*)$ - [S=3]
    
    # if cookie is set but folder file does not exists, user has no access to given folder
    RewriteCond %{HTTP_COOKIE} amember_nr=([a-zA-Z0-9]+)
    RewriteCond /home/myacc/public_html/mysite.com/amember/data/new-rewrite/%1-1 !-f
    RewriteRule ^(.*)$ https://www.mysite.com/amember/no-access/folder/id/1?url=%{REQUEST_URI}?%{QUERY_STRING}&host=%{HTTP_HOST}&ssl=%{HTTPS} [L,R]
    
    ## if user is not authorized, redirect to login page
    # BrowserMatch "MSIE" force-no-vary
    RewriteCond %{QUERY_STRING} (.+)
    RewriteRule ^(.*)$ https://www.mysite.com/amember/protect/new-rewrite?f=1&url=%{REQUEST_URI}?%1&host=%{HTTP_HOST}&ssl=%{HTTPS} [L,R,B]
    RewriteRule ^(.*)$ https://www.mysite.com/amember/protect/new-rewrite?f=1&url=%{REQUEST_URI}&host=%{HTTP_HOST}&ssl=%{HTTPS} [L,R]
    ########### AMEMBER FINISH ####################
    
    # Comment the 2 lines below if the server returns 500 errors!
    Options -Indexes
    Options +FollowSymLinks
    
    #Uncomment following lines if you want to use image caching!
    #<IfModule mod_expires.c>
    #  ExpiresActive On
    #  ExpiresDefault A1209600
    #  ExpiresByType text/html A1
    #</IfModule>
    
    # Uncomment following lines if Apache doesnt support MultiViews!
    
    RewriteEngine on
    RewriteCond %{HTTPS} off
    RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
    
    <IfModule mod_rewrite.c>
            # RewriteEngine On
     
        # Uncomment the 2 lines below if you are using www.domain.com
        # as the baseurl for the site and users access your site
        # via domain.com (THIS IS REQUIRED FOR JQUERY TO WORK)
     
         RewriteCond %{HTTP_HOST} ^mysite.com/members/ [NC]
         RewriteRule ^(.*)$ https://www.mysite.com/members/$1 [L,R=301]
    
        RewriteCond %{REQUEST_FILENAME} !-f
        RewriteCond %{REQUEST_FILENAME} !-d
        RewriteRule .* loader.php [L,QSA]
    
    </IfModule>
    
    <Files 403.shtml>
    order allow,deny
    allow from all
    </Files>
    
    # php -- BEGIN cPanel-generated handler, do not edit
    # Set the “alt-php73” package as the default “PHP” programming language.
    <IfModule mime_module>
      AddHandler application/x-httpd-alt-php73 .php .php7 .phtml
    </IfModule>
    # php -- END cPanel-generated handler, do not edit
  7. illicious

    illicious aMember Pro Customer

    Joined:
    Mar 11, 2020
    Messages:
    7
    Got it working another way but this is much better.
    Thank you so much for your help.
  8. caesar

    caesar aMember Pro Developer Staff Member

    Joined:
    Oct 16, 2009
    Messages:
    2,193

Share This Page