Restrict Access to Addon Domains

I run several websites on a single hosting plan. While some web developers do this to save money, I did this to save time. When you have all your hosted sites under one cPanel account(or in the same HTTP folder), it is easy to manage them. One problem you need to resolve is that add-on domain databases can be access through the primary domain. It can be fixed by adding a code to our good old .htaccess file in the sub-domain directory that host the files for the primary domain. The .htaccess file in each and every directory of the site must be edited(not the admin folders of CMSes) to include this code.

Make sure you add this code at the very top of the .htaccess file.

RewriteEngine On
RewriteCond %{HTTP_HOST} ^(www.)?primarydomain.com$ [NC]
RewriteCond %{REQUEST_URI} ^/addonfolder/(.*)$
RewriteRule ^(.*)$ - [L,R=404]

This will redirect the users to a 404 page on your main site… However, if you just want everything redirected from one place, you can edit the root directory of the primary site and use the following code for multiple add-ons;

RewriteEngine On
RewriteCond %{HTTP_HOST} ^(www.)?domain.com$ [NC]
RewriteCond %{REQUEST_URI} ^/addon1/(.*)$ [OR]
RewriteCond %{REQUEST_URI} ^/addon2/(.*)$ [OR]
RewriteCond %{REQUEST_URI} ^/addon3/(.*)$ [OR]
RewriteCond %{REQUEST_URI} ^/addon4/(.*)$ [OR]
RewriteCond %{REQUEST_URI} ^/addon5/(.*)$ [OR]
RewriteCond %{REQUEST_URI} ^/addon6/(.*)$ [OR]
RewriteCond %{REQUEST_URI} ^/addon7/(.*)$
RewriteRule ^(.*)$ - [L,R=404]

If you add the code in the primary domain’s root .htaccess file, the code will not provide a 404 error page on your main website, but it will redirect the users to the sub-domain site.