Returning a 404 page when a folder is accessed from one domain, but allowing access from other domains and IP addresses
- by okw
Situation:
I want to return a 404 page ("404.php") when a folder ("hidden") is accessed from the example.com domain.
I want the same folder to be accessible from a subdomain ("hidden.example.com") or from a different domain ("hidden.com") which are both configured in a single VirtualHost entry.
The server has multiple IP addresses that it listens on. Each IP address serves identical content from the example.com domain (sharing a VirtualHost entry.) I want the folder to be accessible from the IP address.
The server is configured to use SSL/TLS/HTTPS. HTTPS is optional on example.com, but HTTPS is enforced in the .htaccess file for the hidden folder using a rewrite rule shown below.
/www/hidden/.htaccess
RewriteCond %{HTTPS} !=on
RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
I know that {SERVER_ADDR} gives the server's IP address, but does it return the one that the client is requesting from?
I'm also starting to think that something in the VirtualHosts file would be more appropriate. Any thoughts on this?
What should be allowed:
http://87.65.43.21/hidden/
https://87.65.43.21/hidden/
http://12.34.56.78/hidden/
https://12.34.56.78/hidden/
http://hidden.example.com/
https://hidden.example.com/
http://hidden.com/
https://hidden.com/
http://www.hidden.com/
https://www.hidden.com/
What should be 404-ed with 404.php
http://example.com/hidden/
https://example.com/hidden/
http://www.example.com/hidden/
https://www.example.com/hidden/
http://example.com/hidden/hiddenfile.php
https://example.com/hidden/hiddenfile.php
etc.
Thanks.