I have a server with a security flaw:
There's the main site https://example.com (in the /var/www folder on the server).
Then there's an additional app (in /var/www/app/public on the server) that is configured to be on https://app.example.com.
So the app is also reachable via https://example.com/app/public (I'd like to change that).
I also have the problem that the whole app is saved on the server for the developer. This means that all resource files are also stored in a public folder, for example https://example.com/app/config/settings.php
Now to fix this I thought I'd put a .htaccess into https://example.com/app with the following code:
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_HOST} ^example\.com/app$ [NC]
RewriteRule ^(.*)$ https://app.example.com/ [R=301,L]
This would redirect everything with the wrong URL (example.com/app/, example.com/app/public, example.com/app/resources, ...) to https://app.example.com.
But when testing it, it doesn't work. I've probably messed up the syntax. Not very experienced with .htaccess. Tried for an hour with a .htaccess tester but didn't succeed. Can you (1) tell me what I'm doing wrong with the .htaccess syntax and (2) tell me if this workaround with the .htaccess is more or less safe enough?
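Added example, not part of the original post: one way to write the rule in /var/www/app/.htaccess, assuming mod_rewrite is enabled and AllowOverride permits rewrite directives for that directory. It redirects every host name other than app.example.com, which goes beyond the single example.com case in the question.

```apache
# /var/www/app/.htaccess  (added example, not the poster's code)
RewriteEngine On

# Why the posted condition never matches:
#   RewriteCond %{HTTP_HOST} ^example\.com/app$ [NC]
# %{HTTP_HOST} holds only the value of the Host request header
# (host name, optionally ":port"). It never contains "/app" or any
# other part of the path, so the pattern above can never be true and
# the RewriteRule below it is never applied.

# Corrected condition: match on the host name alone. The directory is
# already implied, because this file only applies to requests that map
# into /var/www/app. Negating the app's own host name also covers
# aliases of the main site and requests made by IP address.
RewriteCond %{HTTP_HOST} !^app\.example\.com(:[0-9]+)?$ [NC]

# In .htaccess context the pattern is tested against the path relative
# to this directory (e.g. "config/settings.php"); "^" matches all of them.
RewriteRule ^ https://app.example.com/ [R=301,L]

# Caveat: rewrite rules in a parent .htaccess are not inherited by a
# subdirectory whose own .htaccess contains mod_rewrite directives.
# If /var/www/app/public/.htaccess has rewrite rules (front-controller
# setups usually do), repeat the RewriteCond/RewriteRule pair at the
# top of that file, or example.com/app/public/ will still be served.
```

To check the result, request a non-public path such as https://example.com/app/config/settings.php and confirm the response is a 301 to https://app.example.com/ rather than a 200.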