What's wrong with this .htaccess? Restrict access to HostMonster add-on domain

Question

I am using the following .htaccess file to prevent access to a add-on domain through my host monster account. However the folders/files can still be accessed by going to my domain.com/domains/addon-domain.

I have edited the file extensively, trying different things and taking bits from here and there but it just isn't working. If anyone has any experience with this, especially how HostMonster do it, that'd be great.

# Use PHP54CGI as default
AddHandler fcgid54-script .php
# BEGIN WordPress

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress
Options -Indexes

RewriteEngine On
RewriteCond %{HTTP_HOST} ^(www.)?mydomain.com$ [NC]
RewriteCond %{REQUEST_URI} ^/domains/addon-domain1/(.*)$ [OR]
RewriteCond %{REQUEST_URI} ^/domains/addon-domain2/(.*)$ [OR]
RewriteCond %{REQUEST_URI} ^/domains/addon-domain3/(.*)$
RewriteRule ^(.*)$ - [L,R=404]

Answer 1

You need to move that rule so that it's before your wordpress rule. you can also probably consolidate some of the conditions:

# Use PHP54CGI as default
AddHandler fcgid54-script .php

RewriteEngine On
RewriteCond %{HTTP_HOST} ^(www.)?mydomain.com$ [NC]
RewriteCond %{REQUEST_URI} ^/domains/(addon-domain3|addon-domain2|addon-domain1)/
RewriteRule ^ - [L,R=404]

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress
Options -Indexes

Answer 2

The location of your .htaccess is very important.

In order for it to prevent access to these other domains, it needs to be in the root of your site. Or you could put a .htaccess in the root of your various subdomains.

You might have this one in a subdirectory where your wordpress installation is.