[Edit: Answered by CBroe below in comments]

I've read countless threads on this and nothing is working for me. I am in the process of hardening our www.mta-sts.[maindomain].com subdomain. For this subdomain, we only want one single page to be accessible, being www.mta-sts.[maindomain].com/.well-known/mta-sts.txt.

This file sits in a hidden directory (being the .well-known directory). We would like to forbid access to all hidden files and directories across the entire the subdomain, while excluding the mta-sts.txt file from that rule.

The following rule works well to remove access to hidden files and directories (source):

# deny access to hidden files and directories
RewriteCond %{SCRIPT_FILENAME} -d [OR]
RewriteCond %{SCRIPT_FILENAME} -f
RedirectMatch 404 /\..*$ [L]

How do we exclude the mta-sts.txt file from this rule?

We tried a popular answer (amongst many others) and it did not work:

# deny access to hidden files and directories
RewriteCond %{SCRIPT_FILENAME} -d [OR]
RewriteCond %{SCRIPT_FILENAME} -f
RewriteCond %{REQUEST_URI} !^/.well-known/mta-sts\.txt$
RedirectMatch 404 /\..*$ [L]

CodePudding user response：

Credit to @Cbroe and @MrWhite in the comments.

Here is the snippet that works for me (404 redirect for all hidden files except the mta-sts.txt file):

# deny access to hidden files and directories (except mta-sts.txt)
RewriteCond %{SCRIPT_FILENAME} -d [OR]
RewriteCond %{SCRIPT_FILENAME} -f
RewriteCond %{REQUEST_URI} !^/.well-known/mta-sts\.txt$
RewriteRule "(^|/)\." - [R=404,NC,L]