Unwanted Rewrite in .htaccess

Question

I've got an app on the backend of my site that is having issues being accessed. The site itself uses .htaccess for routing purposes, but I seem to have my rules incorrect or something. I'm basically trying to route everything that does not contain the directory tools/ or ajax/ to index.php:

DirectoryIndex index.php

Options -MultiViews
RewriteEngine on
RewriteBase /

RewriteCond %{REQUEST_FILENAME} !-f
# the folders mentioned here will be accessible and not rewritten
RewriteCond %{THE_REQUEST} !/(ajax|tools)/
# but rewrite everything else
RewriteRule ^ index.php [L]

# ----------------------------------------------------------------------
# UTF-8 encoding
# ----------------------------------------------------------------------

# Use UTF-8 encoding for anything served text/plain or text/html
AddDefaultCharset utf-8

# Force UTF-8 for a number of file formats
AddCharset utf-8 .atom .css .js .json .rss .vtt .xml

# ----------------------------------------------------------------------
# A little more security
# ----------------------------------------------------------------------

# "-Indexes" will have Apache block users from browsing folders without a
# default document Usually you should leave this activated, because you
# shouldn't allow everybody to surf through every folder on your server (which
# includes rather private places like CMS system folders).
<IfModule mod_autoindex.c>
  Options -Indexes
</IfModule>

# Block access to "hidden" directories or files whose names begin with a
# period. This includes directories used by version control systems such as
# Subversion or Git.
<IfModule mod_rewrite.c>
  RewriteCond %{SCRIPT_FILENAME} -d [OR]
  RewriteCond %{SCRIPT_FILENAME} -f
  RewriteRule "(^|/)\." - [F]
</IfModule>

# Block access to backup and source files. These files may be left by some
# text/html editors and pose a great security danger, when anyone can access
# them.
<FilesMatch "(\.(bak|config|sql|fla|psd|ini|log|sh|inc|swp|dist)|~)$">
  Order allow,deny
  Deny from all
  Satisfy All
</FilesMatch>

# prevent access to PHP error log
<Files php_errors.log>
 Order allow,deny
 Deny from all
 Satisfy All
</Files>

<IfModule mod_expires.c>
    ExpiresActive On
    ExpiresByType image/jpg "access 1 month"
    ExpiresByType image/jpeg "access 1 month"
    ExpiresByType image/gif "access 1 month"
    ExpiresByType image/png "access 1 month"
    ExpiresByType text/css "access 1 month"
    ExpiresByType application/pdf "access 1 month"
    ExpiresByType application/javascript "access 1 month"
    ExpiresByType application/x-javascript "access 1 month"
    ExpiresByType application/x-shockwave-flash "access 1 month"
    ExpiresByType image/x-icon "access 1 year"
    ExpiresDefault "access 6 hours"
</IfModule>

However, when attempting to run the long- executing scripts in the tools directory, it eventually gives me a fatal error saying the path ./controllers/tools.php cannot be found, meaning that the URI has been processed by the routing system when it shouldn't have been. Any thoughts?

EDIT - updated with the full .htaccess.

Answer 1

Have it this way:

Options -MultiViews
RewriteEngine on
RewriteBase /

# the folders mentioned here will be accessible and not rewritten
RewriteCond %{THE_REQUEST} !/(ajax|tools)/ [NC]
# but rewrite everything else
RewriteRule ^ index.php [L]

THE_REQUEST variable represents original request received by Apache from your browser and it doesn't get overwritten after execution of some rewrite rules. Example value of this variable is GET /index.php?id=123 HTTP/1.1