I need to block some old URLs that are generating a lot of traffic on my web server (Apache). For example, to block all the requests like https://example.com/xxxxxx/
I can't do that with iptables, so I am using mod_rewrite with a rule in my .htaccess.
That is still consuming a lot of resources and I am wondering if there is a better way to block the request before it reaches Apache. Or another, more efficient way to do it within Apache. For example, I heard that parsing .htaccess files consumes resources, so I am not sure if using the vhost .conf file can help or if it is really the same...
Any advice on how I can block requests using the URL?
Thank you experts!
Certainly distributed configuration files consume more load than a single, central and static configuration. But the differences are not like day and night. The issue with a distributed configuration is more the effort to keep the overview, to maintain it.
If you can keep those requests away from the http server at all you certainly will see more difference. You could consider using a frontend server. Something like nginx or HAProxy that acts as a gatekeeper and only forwards those requests you actually want to respond to. This makes little sense on a single system though; you'd need two separate cloud services or even systems for that.
The best approach would be to add something like this to your httpd / vhost.conf file:
RewriteEngine on
# Match requests for /xxxx and answer them with 403 Forbidden
RewriteCond %{REQUEST_URI} ^/xxxx$
RewriteRule ^ - [F]
Every call to /xxxx would result in mod_rewrite returning a 403 response.
Make sure to place those rules into the corresponding vhost tag.
I often have projects that produce some sort of output folder, usually named build or public or something like that. But if I deploy my entire project to an Apache web server, in order to route to the actual project you would have to do it like this: https://example.com/user/project/build/file.
To simplify and shorten the url, how can I rewrite requests in a .htaccess file so that if google for user/project/file it automatically routes it to user/project/build/file?
The best usually is to place only those files under the DOCUMENT_ROOT that are actually meant to be directly published by the http server. That also typically simplifies the URL to access them. The rest of the files, scripts and resources should be kept outside the DOCUMENT_ROOT. You can still access them inside your application logic.
Sometimes this is not possible though. For example if you are using a cheap hosting service instead of operating your own http server. In such a case request rewriting comes in as an alternative. In this situation you also typically have to rely on distributed configuration files (".htaccess") instead of being able to use the usual http server's host configuration. That comes with a few disadvantages, but sometimes it is your only option.
Have a try using such an implementation:
RewriteEngine on
RewriteRule ^/?user/project/build/(.*)$ /user/project/$1 [R=301,L]
RewriteRule ^/?user/project/(.*)$ /user/project/build/$1 [END]
This relies on the rewriting module being loaded and activated in the http server, obviously. And also the usage of distributed configuration files needs to be enabled for the http host and the requested location.
Always test using a fresh anonymous browser instance (to prevent caching issues in your tests). It also makes sense to start out using a R=302 temporary redirection first and only to change that to a R=301 permanent redirection once everything works as expected.
I would need to perform a redirect by extrapolating a part of the url and then creating the new one.
Specifically, I have to redirect:
https://(part to be extracted).montecoasp.it
to:
https://(extracted part).montecosrl.it
PLEASE NOTE: The part to be extracted may not even be there.
Can anyone tell me what to write in the htaccess file? Should you use RewriteUrl, RedirectMatch or what? Thank you.
I assume this is what you are looking for:
RewriteEngine on
# Capture the optional subdomain (with its trailing dot) and reuse it on the new domain
RewriteCond %{HTTP_HOST} ^(\w+\.)?montecoasp\.it$
RewriteRule ^ https://%1montecosrl.it%{REQUEST_URI} [R=301,END]
You can implement such rule in a distributed configuration file, but you should prefer to use the static http server's host configuration.
Obviously the rewriting module needs to be loaded into the http server for this. And if you want to use a distributed configuration file (".htaccess"), then you need to enable those too...
In general it is a good idea to start out with a R=302 temporary redirection and only to change that to a R=301 permanent redirection once everything is sorted out. That prevents nasty caching issues...
You definitely should start reading the documentation of the tools you are using. You want to learn how things work, you do not just want to blindly copy things. As is typical for open source software, the Apache documentation is of excellent quality and comes with great examples:
https://httpd.apache.org/docs/current/howto/htaccess.html
https://httpd.apache.org/docs/current/mod/mod_rewrite.html
I have the following very simple htaccess file:
RewriteEngine On
RewriteRule a.jpg b.jpg
RewriteRule c.php d.php
All four resources are in the root folder.
The PHP rule works as expected, however, the JPG rule is just ignored as if it were not there. The image a.jpg continues to display.
I am completely clueless on why that would happen.
The only explanation I could think of is that Apache is somehow configured not to INVOKE htaccess at all if the requested resource is an image. Is that even possible?
I found out the reason and I am posting my answer in case anyone faces the same issue.
It appears that both Nginx and Apache are configured on the server. Nginx is internet facing and Apache is internal.
It appears that the web hosting company has done so to benefit from Nginx's better performance and to provide compatibility to anyone coming from an Apache environment at the same time.
When Nginx receives a PHP request from the internet it allows the request to pass through and reach Apache but when the resource is a static resource (image, css, js) Nginx delivers the resource itself for optimum performance.
The htaccess image rule above is not processed because the request is not even reaching Apache.
I temporarily solved the problem by not allowing Nginx to handle the images itself and allowing them to proceed to Apache.
The better solution of course is to remove htaccess dependency and handle everything within Nginx configuration file, which I will be doing soon.
The best solution of course is to remove Apache completely but it is a shared server and I don't have full control.
I am currently migrating my website from Apache to nginx, but my .htaccess file is not working. My website is inside the /usr/share/nginx/html/mywebsite folder. How can I use .htaccess in my nginx server?
This is my .htaccess file:
RewriteEngine on
RewriteRule video/watch/([a-zA-Z0-9_#$*-]+)/?$ "videos-single.php?id=$1" [NC]
Nginx doesn't support .htaccess (see here: "You can’t do this. You shouldn’t. If you need .htaccess, you’re probably doing it wrong.").
You've two choices (as far as I know):
import your .htaccess to nginx.conf (maybe the htaccess to nginx converter helps you)
use authd-htpasswd (I didn't try it)
Disclosure: I am the author of htaccess for nginx, which is now open source software.
Over the past years, I created a plugin which implements htaccess behaviour in nginx, especially things like RewriteRule, Allow and Deny, which can be crucial for web security. The plugin is used in my own production environments without a problem.
I totally share the point of efficiency and speed in nginx, and why they didn't implement htaccess.
However, think about it. You cannot make it worse if you're using nginx plus htaccess. You still keep the great performance of nginx, plus you can drive your legacy appliances effortlessly on one webserver.
This is not supported officially in nginx. If you need this kind of functionality you will need to use Apache or some other http server which supports it.
That said, the official nginx reasoning is flawed because it conflates what users want to do with the way it is done. For example, nginx could easily check the directories only every 10 seconds / minute or so, or it could use inotify and similar mechanisms. This would avoid the need to check it on every request... But knowing that doesn't help you. :)
You could get around this limitation by writing a script that would wait for nginx config files to appear and then copy them to /etc/nginx/conf.d/. However there might be some security implications - as there is no native support for .htaccess in nginx, there is also no support for limiting allowed configuration directives in config files. YMMV.
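The risk named in the answer above is that a copied-in snippet can use any directive. As an added example (not part of the original answer and not nginx functionality), this Python check allowlists directives before such a copy script installs a file; the allowlist, the function name and the sample snippets are assumptions constructed for illustration.

```python
import re

# Assumption: the directives an untrusted per-site snippet may contain.
ALLOWED = {"location", "rewrite", "return", "try_files", "allow", "deny"}
BLOCK_DIRECTIVES = {"location"}  # only these may open a { } block
TOKEN = re.compile(r"[{};]|[^\s{};]+")
# Constructs this small tokenizer does not model the way nginx does; a snippet
# containing any of them is rejected rather than guessed at (fail closed).
AMBIGUOUS = re.compile(r"""["'#]|\$\{|\\(?:[\s{};]|$)""")

def validate_snippet(text):
    """Return a list of problems; an empty list means the snippet may be installed."""
    # Drop full-line comments only; any other '#' counts as ambiguous.
    body = "\n".join(l for l in text.splitlines() if not l.lstrip().startswith("#"))
    if AMBIGUOUS.search(body):
        return ["quoting, escapes or inline comments are not accepted"]
    problems, stmt, depth = [], [], 0
    for tok in TOKEN.findall(body):
        if tok in (";", "{"):
            if not stmt:
                problems.append(f"empty statement before '{tok}'")
            elif stmt[0] not in ALLOWED:
                problems.append(f"directive not allowed: {stmt[0]}")
            elif (tok == "{") != (stmt[0] in BLOCK_DIRECTIVES):
                problems.append(f"wrong terminator '{tok}' for {stmt[0]}")
            depth += tok == "{"
            stmt = []
        elif tok == "}":
            if stmt:
                problems.append("unterminated statement before '}'")
                stmt = []
            depth -= 1
            if depth < 0:
                return problems + ["unbalanced '}'"]
        else:
            stmt.append(tok)
    if stmt or depth:
        problems.append("snippet ends inside a statement or block")
    return problems

# Constructed sample snippets (not taken from the page).
GOOD = """# per-site rules
location /video/ {
    rewrite ^/video/watch/([a-zA-Z0-9_-]+)/?$ /videos-single.php?id=$1 last;
}
deny 203.0.113.7;
"""
BAD = "location /files/ { alias /srv/other-site/; }\ninclude /home/site/extra.conf;\n"
SNEAKY = "return 403 x}#; include /home/site/extra.conf;\n"
```

A copy script would install a file only when `validate_snippet` returns an empty list, and would still run `nginx -t` before reloading.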
Using the config file is one option, but the cool thing about the .htaccess file is that it provided a way for a web developer to have some control over server settings without having root access to the server. There doesn't seem to be anything like this on nginx which is a real bummer.
I understand how the way it's set up on Apache slows down response times, but hoped there could be an nginx way to do the same thing without the performance hit... At least a way to do rewrites with regex on URLs if nothing else.
"Is there no nginx way to do bulk redirects using regular expressions that doesn't slow down response times."
Just edit your database with phpMyAdmin.
Open phpMyAdmin, select your database, then find your "yourprefix_Posts" table.
Open it then click the "Search" tab, then "Find and Replace".
Select "post_content" in the dropdown
In the "Find" field, type URL you want to change: "website.com/oldURL".
In the "Replace" field, type the new URL: "website.com/newURL".
(To use regular expression, tick the "Regular Expression" box.)
NOTE: You can test this out by simply leaving the "Replace" field blank.
ALWAYS BACK UP the database before making changes. This might sound scary but it's really not. It's super simple and can be used to quickly replace just about anything.
I'm adding a new service to one of the servers I am currently running, and I'm having troubles getting both applications to run nicely.
Currently I have a web application running on http://server.com:8080/ and I need to be able to forward any of those requests to http://server.com:8080/app (or something similar). I've tried to do some ProxyPass and ReverseProxyPass configurations but I do not understand apache2 well enough to understand what is going wrong.
Can someone provide me with information on how to accomplish this?
You may use a rewrite rule like the following:
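RewriteEngine On
# Server/vhost context: prefix every path with /app, skipping paths already under /app
RewriteCond %{REQUEST_URI} !^/app(/|$)
RewriteRule ^/(.*) /app/$1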