I want to host a vue app on an Apache server - for learning purpose.
For that I want Apache to support the Vue router and also I want that it is not possible to access source files via URL.
To support the router I added the following lines to my httpd.conf file:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.html$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.html [L]
</IfModule>
Vue documentation
So that is working. But now I want to prevent the access of my source files via URL. So I tried the approach from this answer:
https://stackoverflow.com/a/10236791/9838670
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http://(www\.)?localhost [NC]
RewriteCond %{HTTP_REFERER} !^http://(www\.)?localhost.*$ [NC]
RewriteRule \.(gif|jpg)$ - [F]
For testing I added CSS files to the rewrite rule
RewriteRule \.(gif|jpg|css)$ - [F]
But then my index.html could not access the files, too.
Anyone an idea how to fix this?
My settings for the directory root. Also I am loading the module for the rewrite engine.
LoadModule rewrite_module modules/mod_rewrite.so
DocumentRoot "../../dist/"
<Directory "../../dist/">
#
# Possible values for the Options directive are "None", "All",
# or any combination of:
# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
#
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.
#
# The Options directive is both complicated and important. Please see
# http://httpd.apache.org/docs/2.4/mod/core.html#options
# for more information.
#
Options Indexes FollowSymLinks
#
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
# AllowOverride FileInfo AuthConfig Limit
#
AllowOverride None
#
# Controls who can get stuff from this server.
#
Require all granted
# THIS DOES NOT WORK
# Rewrite engine
# RewriteEngine on
# RewriteCond %{HTTP_REFERER} !^http://(www\.)?localhost [NC]
# RewriteCond %{HTTP_REFERER} !^http://(www\.)?localhost.*$ [NC]
# RewriteRule \.(gif|jpg|css)$ - [F]
# RedirectMatch "^/$" "/home"
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.html$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.html [L]
</IfModule>
</Directory>
Let's say Apache document root is set to DocumentRoot "/folder_one/folder_two"
Placing files in a folder_one will prevent people browsing your apache server and requesting the files directly.
Place index file in folder_two and include some code such as PHP to tell apache to include whatever files you want from folder_one.
In this manor Apache will still be able to serve whatever files you want from folder_one and people will not be able to request the files directly as the are located in a directory above the Apache document root.
Related
I'm trying to setup Kirby locally using MAMP. My MAMP setup I have it so I can point run multiple sites as virtual hosts. I use this code:
NameVirtualHost *
<VirtualHost *>
DocumentRoot "/Applications/MAMP/htdocs"
ServerName localhost
</VirtualHost>
<VirtualHost *>
DocumentRoot "/Users/oscargodson/Dropbox/projects/icarus"
ServerName dev.icarus
</VirtualHost>
When I go to dev.icarus the initial page loads totally fine. All the CSS, images, everything. Once I try to go to a subpage, including the panel, I get the 404. I know for sure the htaccess file is in the folder. I tried using the git install and the manual zip install. I also made sure in in my httpd.conf file I have rewrite turned on
LoadModule rewrite_module modules/mod_rewrite.so
I'm not sure what else to look up. Googling just kept returning results for htaccess file being missing.
EDIT
Here's the htaccess file per request. It is the default one that works if I keep my project inside of the htdocs directory in MAMP. I tried uncommenting the RewriteBase and making it just / (a total guess) but that didn't help at all.
# Kirby .htaccess
# rewrite rules
<IfModule mod_rewrite.c>
# enable awesome urls. i.e.:
# http://yourdomain.com/about-us/team
RewriteEngine on
# make sure to set the RewriteBase correctly
# if you are running the site in a subfolder.
# Otherwise links or the entire site will break.
#
# If your homepage is http://yourdomain.com/mysite
# Set the RewriteBase to:
#
# RewriteBase /
# block text files in the content folder from being accessed directly
RewriteRule ^content/(.*)\.(txt|md|mdown)$ index.php [L]
# block all files in the site folder from being accessed directly
RewriteRule ^site/(.*) index.php [L]
# block all files in the kirby folder from being accessed directly
RewriteRule ^kirby/(.*) index.php [L]
# make panel links work
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^panel/(.*) panel/index.php [L]
# make site links work
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*) index.php [L]
</IfModule>
# Additional recommended values
# Remove comments for those you want to use.
#
# AddDefaultCharset UTF-8
#
# php_flag short_open_tag on
Mike Rockett in the comments pointed me in the right direction. In the httpd.conf file I had to change
<Directory />
Options Indexes FollowSymLinks
AllowOverride None
</Directory>
to
<Directory />
Options Indexes FollowSymLinks
AllowOverride All
</Directory>
Then I restarted MAMP and it worked!
I work on apache2 server. I am trying to display webpages on my website without the file extension .php using the following .htaccess file:
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME}\.php -f
RewriteRule ^(.*)$ $1.php
# 1 ---- Establish a custom 404 File not Found page ----
ErrorDocument 404 /filenotfound.php
# 2 ---- Prevent directory file listing in all of your folders ----
IndexIgnore *
It is simply not working. I still see my webpages with .php extension in my browser.
I have mod rewrite module loaded and also I made changes in apache2.conf file as follows:
<Directory />
Options FollowSymLinks
AllowOverride None
Require all denied
</Directory>
<Directory /usr/share>
AllowOverride None
Require all granted
</Directory>
<Directory /var/www/>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
Also my .htaccess file is doing other jobs (i.e. redirecting the 404 to filenotfound.php ) without any problem. So why is this rewrite rule not working? How can I possibly debug the .htaccess file?
I still see my webpages with .php extension in my browser.
Well you don't even have a rule to redirect a request with .php to a URL without it.
Have your rules as this:
# 1 ---- Establish a custom 404 File not Found page ----
ErrorDocument 404 /filenotfound.php
# 2 ---- Prevent directory file listing in all of your folders ----
IndexIgnore *
RewriteEngine On
## hide .php extension
# To externally redirect /dir/file.php to /dir/file
RewriteCond %{THE_REQUEST} \s/+(.+?)\.php[\s?] [NC]
RewriteRule ^ /%1 [R=302,L,NE]
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{DOCUMENT_ROOT}/$1\.php -f [NC]
RewriteRule ^(.+?)/?$ /$1.php [L]
I have a server that serves several domains from a single IP address using Apache's Virtual Host shenanigans. Three of the sites are required to redirect to www if it's omitted from the URL.
I have the following rule in the .htaccess file of each domain:
RewriteCond %{HTTPS} !=on
RewriteCond %{HTTP_HOST} !^www\..+$ [NC]
RewriteRule ^ http://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
This works for two of the three, but the third completely fails to comply. I know that the .htaccess is being hit because the framework requires all hits to be routed through index.php... and that is happening correctly. So, it's not permissions, and the .htaccess is identical (more or less) on each domain. I even looked into caching (even though that doesn't make any sense... desperation gives way to insanity!)
Please help me if you have any clue what is going on.
As requested, here's the complete vhost config, and .htaccess file...
vhost configuration:
<VirtualHost *:80>
ServerAdmin me#gmail.com
DocumentRoot /var/www/example.com
ServerName www.example.com
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/example.com>
Options FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
.htaccess file:
# BEGIN example.com
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteCond %{HTTP_HOST} !^www\..+$ [NC]
RewriteRule ^ http://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
RewriteBase /
RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^.*$ - [S=40]
####################################################
# If requested URL-path plus ".php" exists as a file
RewriteCond %{DOCUMENT_ROOT}/$1.php -f
# Rewrite to append ".php" to extensionless URL-path
RewriteRule ^(([^/]+/)*[^.]+)$ /$1.php [L]
####################################################
# redirect to RoutingHandler
RewriteRule ^.*$ /index.php [NC,L]
</IfModule>
# END example.com
Bear in mind, there are two other domains set up in an identical manner... and they both work with zero issues.
I know this is an old question, but google brought me here while looking for answers on the same problem.
After searching through apache's documentation I found:
AllowOverride Directive
When this directive is set to None, then .htaccess files are completely ignored. In this case, the server will not even attempt to read .htaccess files in the filesystem.
So I changed "AllowOverride None" to "AllowOverride All" in the <Directory /var/www/example.com> section and it worked.
I am trying to use TYPO3 on a WAMP system but i'm having problems with the rewritten URLs.
I have installed the introduction package which has a "get-started" website. Everytime i try to access the website through one of these:
localhost/typo3
localhost/typo3/index.php
localhost/typo3/index.php/get-started
the url becomes localhost/typo3/get-started
Which is okay and it means mod_rewrite is on and working. The problem is that i can't see the site localhost/typo3/get-started and i have an "Object not found" page instead.
I have the same issue on the same machine with Symfony 1.4 but i never cared about that because on Symfony i can use the frontend_dev.php page to access the site (on my production environment rewritten URLs work fine instead).
This is the httpd.conf entry for the TYPO3 directory:
Alias /typo3 "C:\workspace\typo3"
<Directory "C:\workspace\typo3">
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
Allow from all
</Directory>
And this is the .htaccess file (which was already inside the TYPO3 package and i haven't modified), i have removed the non related parts
### Begin: Settings for mod_rewrite ###
# You need rewriting, if you use a URL-Rewriting extension (RealURL, CoolUri, SimulateStatic).
<IfModule mod_rewrite.c>
# Enable URL rewriting
RewriteEngine On
# Change this path, if your TYPO3 installation is located in a subdirectory of the website root.
#RewriteBase /
# Rule for versioned static files, configured through:
# - $TYPO3_CONF_VARS['BE']['versionNumberInFilename']
# - $TYPO3_CONF_VARS['FE']['versionNumberInFilename']
# IMPORTANT: This rule has to be the very first RewriteCond in order to work!
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.+)\.(\d+)\.(php|js|css|png|jpg|gif|gzip)$ $1.$3 [L]
# Stop rewrite processing, if we are in the typo3/ directory.
# For httpd.conf, use this line instead of the next one:
# RewriteRule ^/TYPO3root/(typo3/|t3lib/|fileadmin/|typo3conf/|typo3temp/|uploads/|favicon\.ico) - [L]
RewriteRule ^(typo3/|t3lib/|fileadmin/|typo3conf/|typo3temp/|uploads/|favicon\.ico) - [L]
# Redirect http://example.com/typo3 to http://example.com/typo3/index_re.php and stop the rewrite processing.
# For httpd.conf, use this line instead of the next one:
# RewriteRule ^/TYPO3root/typo3$ /TYPO3root/typo3/index.php [L]
RewriteRule ^typo3$ typo3/index_re.php [L]
# If the file/symlink/directory does not exist => Redirect to index.php.
# For httpd.conf, you need to prefix each '%{REQUEST_FILENAME}' with '%{DOCUMENT_ROOT}'.
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-l
# Main URL rewriting.
# For httpd.conf, use this line instead of the next one:
# RewriteRule .* /TYPO3root/index.php [L]
RewriteRule .* index.php [L]
</IfModule>
### End: Settings for mod_rewrite ###
Solved, the problem was on the easyphp settings because i wasn't using its DocumentRoot (but just using aliases), changing the DocumentRoot to the one where i keep my projects solved it
You should change the #RewriteBase / to RewriteBase /typo3/ as described inside the .htaccess file.
I'm using CodeIgniter on a Windows machine using the Zend Comunity Server with apache. My apache is properly configured to handle .htaccess directives and mod_rewrite is enabled (httpd.conf):
<Directory />
Options FollowSymLinks
AllowOverride FileInfo
Order deny,allow
Deny from all
</Directory>
My root is C:\www\ and my site is located in C:\www\david\ and when I type http://localhost/david/, the index.php is loaded along with the correct controller. I want to access my things directly through http://localhost/david/Articles/ instead of http://localhost/david/index.php/Articles/. To do this I have to use apache rewrite module.
To do so, I've placed a .htaccessfile in the C:\www\david\ folder. This file contains code I found on here :
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /david/
#Removes access to the system folder by users.
#Additionally this will allow you to create a System.php controller,
#previously this would not have been possible.
#'system' can be replaced if you have renamed your system folder.
RewriteCond %{REQUEST_URI} ^core.*
RewriteRule ^(.*)$ /index.php?/$1 [L]
#When your application folder isn't in the system folder
#This snippet prevents user access to the application folder
#Submitted by: Fabdrol
#Rename 'application' to your applications folder name.
RewriteCond %{REQUEST_URI} ^application.*
RewriteRule ^(.*)$ /index.php?/$1 [L]
#Checks to see if the user is attempting to access a valid file,
#such as an image or css document, if this isn't true it sends the
#request to index.php
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php?/$1 [L]
</IfModule>
<IfModule !mod_rewrite.c>
# If we don't have mod_rewrite installed, all 404's
# can be sent to index.php, and everything works as normal.
# Submitted by: ElliotHaughin
ErrorDocument 404 /index.php
</IfModule>
I made a couple of changes to the code since my configuration is a bit different from the default. I'm not on the root so : 'RewriteBase /davidfrancoeur.com/' and I've renamed the CodeIgniter system folder for additional security so :
RewriteCond %{REQUEST_URI} ^core.*
RewriteRule ^(.*)$ /index.php?/$1 [L]
With this done, anything should work properly, I should be able to access http://localhost/david/Articles/ without a problem and I think I shouldn't be able to reach http://localhost/david/core/config/config.php directly.
Unfortunately, it doesn't work, it doesn't even look like any rewriting is done. Do you see if I'm doing something wrong here? Is there a way to know if apache actually rewrite anything?
Thanks a lot. And yes I looked at the millions of article I could found about this... :(
EDIT
CI 2.0.2, PHP 5.3, Apache 2.2
It will work.....actually your first two rewrite conditions and rules are working but in third rewrite condition you are allowing user to access request file ,even if it is core or system file.
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !^core.*
RewriteCond %{REQUEST_FILENAME} !^system.*
RewriteRule ^(.*)$ index.php?/$1 [L]
Edit: Fixed 'rewrite' typo
After looking carefully into the httpd.conf of my Zend Community Server, I realized that there was two <Directory />instruction. The first one was empty as shown in the question and the second one looked like that :
<Directory "C:\Dropbox\www">
#
# Possible values for the Options directive are "None", "All",
# or any combination of:
# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
#
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.
#
# The Options directive is both complicated and important. Please see
# http://httpd.apache.org/docs/2.2/mod/core.html#options
# for more information.
#
Options Indexes FollowSymLinks
#
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
# Options FileInfo AuthConfig Limit
#
AllowOverride None
#
# Controls who can get stuff from this server.
#
Order allow,deny
Allow from all
</Directory>
I changed the following line AllowOverride None to AllowOverride All` and it worked. For those who would like to know more about URL rewrite with CodeIgniter look there : http://codeigniter.com/wiki/mod_rewrite/
And to understand properly what AllowOverridedoes read : http://httpd.apache.org/docs/2.0/mod/core.html#allowoverride
Thanks again to ever helped!
ppet prevents user access to the application folder
#Submitted by: Fabdrol
#Rename 'application' to your applications folder name.
RewriteCond %{REQUEST_URI} ^application.*
RewriteRule ^(.*)$ /index.php?/$1 [L]
#Checks to see if the user is attempting to access a valid file,
#such as an image or css document, if this isn't true it sends the
#request to index.php
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php?/$1 [L]