Forum Topic: Question on hierarchy of htaccess files
Years ago I read that if you put an htaccess file in a lower level folder but still wanted to keep all the rules applied from the root folder you had to repeat all those rules in addition to the new rule, which applies to that folder alone. From what I’m reading it doesn’t sound like this is the case now.
My particular concern is images folders. In the root I have this rule for preventing hotlinking:
# stop hot linking to files
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?facebook\.com [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?paypal\.com [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?example.com [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?example.ca [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?example.net [NC]
RewriteRule .*\.(jpg|jpeg|gif|png|bmp|pdf|ico)$ - [F,NC]
In the images folder I have an htaccess file with the above, in addition to:
# Prevents any script files from being accessed from the images folder
<FilesMatch "\.(php([0-9]|s)?|s?p?html|cgi|pl|exe)$">
Order Deny,Allow
Deny from all
</FilesMatch>
Do I need to repeat the hotlinking rules from the root htaccess in the images folder htaccess or am I good to go with just this rule that applies to this folder only in it?
1 Reply to “Question on hierarchy of htaccess files”
.htaccess works in cascading fashion, so any rules in the root .htaccess file should be applied to all sub-directories. You can verify this by puttin something like
RedirectMatch 403 testing123
in the root .htaccess, and then requesting something like this
http://example.com/some/real/path/to/images/or/whatever/testing123
should lead to a 403 Forbidden.