I have a website that I'm dynamically creating URLs for with htaccess rewrites. What I'm looking to do is restrict a URL based on the IP address of those accessing it.
For example, I'm trying to restrict access to any rewrite in the XYZ "sub-folder"
These should all be restricted to a specific IP
www.domain.com/XZY
www.domain.com/XZY/anotherfile.html
www.domain.com/XZY/anotherfolder
But no restriction to any other rewrite
These should all be accessible
www.domain.com/ABC
www.domain.com/greatfile.html
www.domain.com/ABC/greatfolder
The XYZ folder does not actually exist so placing an htaccess file in there isn't an option for me. I appreciate any assistance you can provide.
Using mod_rewrite, respond with a 403 Forbidden for any requested URL that starts /XZY and is not from the stated IP address:
RewriteEngine On
RewriteCond %{REMOTE_ADDR} !=203.0.113.111
RewriteRule ^XZY($|/) - [F]
Any blocking directive like this need to go near the top of the .htaccess file, before any existing rewrites.
NB: This assumes the client is connecting directly to your application server. However, if you are using a CDN (eg. Cloudflare), load balancer or front-end caching proxy then you may need to check another element of the request since the client is not connecting directly with your server (the proxy is).
Related
I registered a expired domain to forward all incoming links to another domain. The problem is: many inlinks are placed on subdomains, for example: axa-art.cdn.contento-v41.eu/axa-art/0eee9cec-58cb-45b2-a4e2-b5f73920068e_091216_axa+art_classic+car+study_de_rz.pdf
I am looking for a 301 redirect rule in htaccess that forward any url (no matter on main domain or subdomain) to "new-url.tld"
axa-art.cdn.contento-v41.eu
axa-art.cdn.contento-v41.eu/slug
any-subdomain.contento-v41.eu
any-subdomain.contento-v41.eu/slug
all of this example above should
forward to this exact URL: new-domain.tld
Question 1:
Is it possible to create a "general" rule and place it into htaccess of the main directory?
Question 2:
Or do i have to write a specific rule for each subdomain?
Question 3:
Do I have to create a sub-directory and create a separate htaccess in every sub-directory for each subdomain I want to add redirection-rules?
Help or suggestions are highly appreciated. Thank you very much for your help in advance.
This isn't just a .htaccess question. In order for your server to receive requests to <any-subdomain>.example.com the necessary DNS and server config directives need to be in place. If the request doesn't reach your server then you can't implement a redirect in .htaccess.
So, I suspect that these subdomains are not even resolving?
You either need to create the necessary DNS A records and ServerAlias directives one by one for each hostname (ie. subdomain) or create a "wildcard" DNS A record (and ServerAlias *.example.com directive in the vHost). But then you still have an issue with these hostnames being covered by an SSL cert if you need to redirect from HTTPS.
You can then create the necessary redirect in .htaccess. Although, since you need access to the server config (or a using a control panel that does this for you) to implement the directives above, you should also implement this redirect in the server config also.
For example, at the top of your .htaccess file, before the existing directives (or in your vHost):
RewriteEngine On
RewriteCond %{HTTP_HOST} !^new\.example$
RewriteRule ^ https://new.example%{REQUEST_URI} [R=301,L]
The above states... for any request that is not for new.example then 301 redirect to https://new.example/<same-url>.
However, if you have access to the server config and this other domain is configured in its own vHost container then the redirect can be simplified:
Redirect 301 / https://new.example/
UPDATE#1:
this rule does forward any URL form the main domain to the new domain.
# Permanent URL redirect- by netgrade
RewriteEngine on
RewriteCond %{REQUEST_URI} !https://www.marco-mahling.de/$
RewriteRule $ https://www.marco-mahling.de/ [R=302,L]
The rule I posted above should probably replace your existing rule entirely.
Yes, your rule does redirect every URL to the root of the new domain, but it is arguably incorrect. The RewriteCond directive is superflous and isn't actually doing anything. The REQUEST_URI server variable contains the URL-path, it never contains the scheme + hostname. So, the RewriteCond directive you've posted will always be successful.
If that is the rule you currently have then it would already redirect everything. In which case your problem would seem to the necessary DNS and server config directives as mentioned above.
From your directives, I assume that the other domain actually points to a different server (or different vHost on the same server). Otherwise, this would have resulted in a redirect-loop. In which case, you only need the much simpler Redirect directive that I posted above.
UPDATE#2: That works fine BUT the incoming links are still not forwarded cuz of a "%" in the url: https://axa-art.cdn.contento-v41.eu/axa-art%2F0eee9cec-58cb-45b2-a4e2-b5f73920068e_091216_axa+art_classic+car+study_de_rz.pdf
It's actually because of the %2F - an encoded slash (/) in the URL-path. By default, Apache will reject such URLs with a 404 (for security reasons).
To allow encoded slashes in the URL you would need to set AllowEncodedSlashes On in the server config (or vHost container). You cannot set this in .htaccess. (The server generated 404 occurs before .htaccess is even processed.)
However, I would express caution about enabling this feature. (Is there a specific requirement here? Are you recreating these documents on the new server?)
If this request was intended to map directly to a PDF file on disk then this actually looks like an incorrectly URL encoded request, since a slash / is not a permitted filename character on either Windows or Linux.
If you enable AllowEncodedSlashes then the above RewriteRule will redirect the request to /axa-art/0eee9cec....pdf - note the %-decoded / in the resulting URL. You would need to take additional steps to maintain the URL-encoding (if that was required), but as I say, that looks like a mistake to begin with.
I'm developing an application that is running on my domain.
All works as expected, but I cannot seem to find any good answer to my problem relating subdomains.
This application allows for different clients to register themselves and get their own "environment" inside the application.
E.g. if client1 registers himself, his environment will be at https://main.application.com/v/client1
Now, as you can see, this is quite ugly. I want him to be able to go to https://client1.application.com/ and in the background it would show him https://main.application.com/v/client1.
I've read this is possible with apache rewrite.
My case is a little bit more complex than a simple rewrite, I'm guessing. What I'm trying to achieve is this:
User goes to | Has to redirect to
client1.application.com | main.application.com/v/client1
client1.application.com/register | main.application.com/v/client1/register
client1.application.com/dashboard | main.application.com/dashboard
client1.application.com/... | main.application.com/...
As you can see, the only time I want to redirect with the /v/client1 appended to my domain, is when somebody is trying to register or trying to reach the login page for their environment. In all other scenarios, I just want to take what's behind the URL and append it to main.application.com (which is where the main app runs). I also don't want the users to notice the redirect, but that the URL in the address bar stays the same.
I've tried to come up with a bit of pseudocode that explains what I want to do:
If subdomain.application.com/ or subdomain.application.com/register
--> take subdomain and paste it like this:
main.application.com/v/SUBDOMAIN/ or main.application.com/v/SUBDOMAIN/register
Else
--> Redirect to main.application.com/URL
e.g. client1.application.com/dashboard --> main.application.com/dashboard
But I'm completely lost on how I should write it with a Rewrite.
Has anybody got experience in this matter that would be able to help me out with those rewrites here? I'm new to this and I cannot find documentation for my specific case.
Assuming that all requests to those host names ("sub domains") are handled by the same http host (by means of a ServerAlias or simply using the default fallback host) this should be pretty straight forward...
do not rewrite any requests directly to example.com or www.example.com
rewrite requests to other hosts that do not specify any path
rewrite requests to other hosts that specify the /register path
no treatment for other paths required if your http host uses the same file system layout (DOCUMENT_ROOT) for all these hosts ("sub domains")
That leaves is with this:
RewriteEngine on
RewriteCond %{HTTP_HOST} ^example\.com$ [OR]
RewriteCond %{HTTP_HOST} ^www\.example\.com$
RewriteRule ^ - [END]
RewriteCond %{HTTP_HOST} ^([^.]+)\.example\.com$
RewriteRule ^/?$ /v/%1 [END]
RewriteCond %{HTTP_HOST} ^([^.]+)\.example\.com$
RewriteRule ^/?register/?$ /v/%1/register [END]
In case you receive an internal server error (http status 500) using the rule above then chances are that you operate a very old version of the apache http server. You will see a definite hint to an unsupported [END] flag in your http servers error log file in that case. You can either try to upgrade or use the older [L] flag, it probably will work the same in this situation, though that depends a bit on your setup.
This implementation will work likewise in the http servers host configuration or inside a dynamic configuration file (".htaccess" file). Obviously the rewriting module needs to be loaded inside the http server and enabled in the http host. In case you use a dynamic configuration file you need to take care that it's interpretation is enabled at all in the host configuration and that it is located in the host's DOCUMENT_ROOT folder.
And a general remark: you should always prefer to place such rules in the http servers host configuration instead of using dynamic configuration files (".htaccess"). Those dynamic configuration files add complexity, are often a cause of unexpected behavior, hard to debug and they really slow down the http server. They are only provided as a last option for situations where you do not have access to the real http servers host configuration (read: really cheap service providers) or for applications insisting on writing their own rules (which is an obvious security nightmare).
I have a server that I can access in browser through the domain name (secured with SSL) and the server IP address.
I would like to disable access with the server ip address:
http://123.45.678.901/ and https://123.45.678.901/
How can I do that ?
OK found the complete solution here via htaccess file and 2 rules :
RULE 1: Redirect all requests to secure HTTPS access (including ip request http://123.45.678.901 )
RewriteCond %{HTTPS} !on
RewriteRule (.*) https://domain.com/$1 [L,R=301,QSA]
RULE 2: If the domain or subdomain is not exactly domain.com redirect to bare domain (mandatory to catch https://123.45.678.901/any-page for example)
Using redirect all wildcard subdomains to root domain
RewriteCond %{HTTP_HOST} !^domain\.com$ [NC]
RewriteRule (.*) https://domain.com/$1 [L,R=302,QSA]
All tests results here :
http://123.45.678.901/ > now redirect to https://domain.com/
https://123.45.678.901/ > now redirect to https://domain.com/
http://123.45.678.901/any-page > 404 > https://domain.com/index.php?p=any-page
https://123.45.678.901/any-page > 404 > https://domain.com/index.php?p=any-page
What are you trying to accomplish by blocking the IP access to the website? It is really the same thing. We only use nice looking domain names or host names for the benefit of humans. Whether you type in the domain name or IP is the exact same thing as someone can simply ping your hostname and get the IP address anyway.
If you want to enforce SSL simply do it for the host so that all access attempts require SSL. You can use apache mod_rewrite to accomplish this: https://www.sslshopper.com/apache-redirect-http-to-https.html
What you're asking for may not be possible, unless I'm not understanding the problem correctly. It's like saying I want someone to be able to send mail to my house only using my address but not my postal code, when the postal code effectively gives you the address.
Anyway hope this helped.
If you want to make it possible for users to access your site (server) through the domain name while accessing the corresponding IP address is disabled in order to disable the access to phpmyadmin through the IP address, it is impossible and not a good way to achieve what you want.
Roughly speaking, domain name is the human readable and memorable form of IP address, and when we type the domain name (e.g., http://google.com) on the browser, the domain name is converted to corresponding IP address by the DNS (domain name service) server, and the browser tries to connect to the IP address given by DNS. Eventually, trying to connect via domain name and IP address internally works the same way.
To remove the access of phpmyadmin from the other users and attackers, configuring the access control is right way. Try:
Use secure passwords for mysql users
Limit the permission of the mysql users according to the purpose of the mysql users. (Using the root user for all purpose and application is not a good way.)
If you correctly configure the above points, attackers can't access your database even if they know the URL of phpmyadmin.
To make sure that a redirect takes place only when someone is browsing with the ip of the server, I did the following (Ubuntu 20.04 - commands and paths may differ, if you use another OS):
Create a noip.conf file in /etc/apache/conf-available/ folder with this content:
<If "%{HTTP_HOST} =~ /12\.34\.56\.78/">
RewriteEngine on
RewriteRule ^ http://my.domain.com [L,R=301]
</If>
Enable the configuration and restart apache:
a2enconf noip
apachectl restart
The above will not work if someone types in the ip using https. They will get a "Your connection is not private" message. Then if they click "Proceed to 12.34.56.78", they will get the first matching ssl enabled virtual host. Make sure that this host is the one you want it to be.
You should also check if other applications on the server are listening on alternative ports, since someone could type in 12.34.56.78:999.
I have two apache virtual hosts within the same domain (and on same physical system):
old.example.com
new.example.com
I'd like to be able to transparently rewrite or map certain old url's to new. Example:
A request for http://old.example.com/foo would actually result in a request for http://new.example.com/foo
I want the http client (browser) to be unaware of the rewrite...in other words, I'm not looking to redirect. And, I only want to rewrite specific url's.
What can I add to either the virtual host or htaccess file(s) to accomplish this?
I guess you could set up your virtual hosts via mod_rewrite and then simply add those rewriting steps to the configuration.
If, however, all you are trying to do is to re-use some things you have in the file system, without any magic in your config files, I would use symbolic links instead. (I have no idea if there are any equivalents for windows servers, though.)
I found the answer here: http://httpd.apache.org/docs/2.0/misc/rewriteguide.html in the section titled Dynamic Mirror. I added this to my htaccess on http://old.example.com :
RewriteEngine on
RewriteBase /
RewriteRule ^foo http://new.example.com/foo [P]
The feature flag P tells the rule to use Proxy Throughput.
I have a requirement that I want to check the request headers and according to that I want to forward the incoming request to appropriate sub domain of my company.
For example:
request header A is coming then it goes to a.domain.com always (no matter request comes to a.domain.com or b.domain.com)
Similarly request header B is coming then it goes to b.domain.com always.
Although I can do this by changing my application (checking the request headers in it) and then forwarding the request but I want that instead of request reaching application server, it should be handled by web server at the first.
Is there something available (some way like CGI) which can handle IIS as well as Apache both as my company has sub domains hosting applications on these two.
Any help is greatly appreciated. Thanks
In Apache you can use mod_rewrite to direct the request to another domain, something like the following perhaps:
rewriteEngine on
rewriteBase /
rewriteCond %{HTTP_HOST} ^A$
rewriteRule ^(.*) http://a.domain.com/$1 [L,R=301]
This needs to be scoped appropriately by putting it in a .htaccess file in the appropriate directory or in a site configuration element.
IIS (depending on the version) also supports a rewrite module. For IIS 6 you can look at IIRF which has a syntax similar to mod_rewrite. For IIS 7 take a look at the URL Rewrite Module which has a simple GUI that imports mod_rewrite rules.