: REGEX with RewriteRule This regex is confusing. I want to know its exact meaning. I try to explain by myself. I hope I won't get an error understanding. Please kindly correct my thoughts.

@Jamie184

Yes, I think your understanding of what this regex pattern matches is pretty much correct, except for /webserver/ohya - this will not match the first pattern since there is not dot prefix. And whilst ./webserver/ohya/ would technically match the second pattern, this is not a real world URL-path.


Maybe there are lots of derivative examples


Yes, there are pretty much an infinite number of potential matches.

But note that if the pattern matches then access is blocked (403 Forbidden).

Note the dots are backslash escaped in the regex in order to match literal dots. (The backslashes were not showing in your initial question until I edited it. You appear to have copied/quoted the version without backslashes - this changes the meaning somewhat, although you are describing the escaped version.)

What does this RewriteRule do?

It blocks access to all dot-files (files starting with a dot), except for .well-known, which is often used to validate SSL cert installation (eg. "Let's Encrypt").



RewriteRule "(^|/).(?!well-known)" - [F]




(^|/) - (alternation) Matches either the start of the URL-path or a slash
. - Matches a literal dot
(?!well-known) (negative lookahead) - Successful when it doesn't match the string "well-known".


So this matches either . (at the start of the URL-path) or /. (anywhere) that is not followed by the string "well-known".



RewriteRule "/.|^.(?!well-known/)" - [F]




In this case the alternation covers the entire regex, so you have either /. or ^.(?!well-known/)


This is similar to #1 , however, it will match a string of the form /.well-known, whereas the first will not.

Vote Up Vote Down