.htaccess
'Deny from all' all files except index.php and current directory ./
Hi all, I'm trying for too much time a stupid thing that had to work but i don't know how to do it.
In this way i can give 403 error to users for all files except index.php page (images and CSS also)
Order Deny,Allow
Deny from all
Allow from 127.0.0.1
<Files /index.php>
Order Allow,Deny
Allow from all
</Files>
But I want to add also the current directory [./] to allowed search
How to do it? Plz 🔥
Because if I search THIS URL from my browser --> https://hostname.com/403dir/ it gives me 403 error and I don't want it.
TNKS
With your shown samples, could you please try following. Make sure your htaccess file is in your root path(besides 403dir path NOT inside 403dir).
Please make sure to clear your browser cache before testing your URLs.
RewriteEngine ON
RewriteCond %{REQUEST_URI} !^/403dir/?$ [NC]
RewriteCond %{REQUEST_URI} !index\.php$ [NC]
RewriteRule ^ - [F,L]
OR use a single condition itself as follows, make sure either you use above solution OR following solution only at a time please.
RewriteEngine ON
RewriteCond %{REQUEST_URI} !(^/403dir|index\.php$) [NC]
RewriteRule ^ - [F,L]
Related
I have next .htaccess in root directory
RewriteEngine on
RewriteRule ^$ index.php [L]
Order Deny,Allow
Deny from all
<Files index.php>
Allow from all
</Files>
And get Page 403 Forbidden for www.example.com instead of www.example.com/index.php.
URL www.example.com/index.php is available.
Access to all files in the root directory is closed. These files are generated by scripts, the file names are unknown.
How to fix it?
<Files index.php>
Allow from all
</Files>
Try the following instead:
<FilesMatch "^(index\.php)?$">
Allow from all
</FilesMatch>
UPDATE: Added missed anchors!
(Although I would assume you are on Apache 2.4, so you should be using the corresponding Require directives instead of Order, Deny and Allow.)
Alternatively, replace all you existing directives with the following:
DirectoryIndex index.php
RewriteEngine On
RewriteRule !^(index\.php)?$ - [F]
This allows access to both example.com/ and example.com/index.php. To block direct access to index.php then try the following instead:
RewriteRule ^[^/]+$ - [F]
mod_dir (ie. "DirectoryIndex") is processed after mod_rewrite.
RewriteRule ^$ index.php [L]
This rule is redundant, it should be handled by DirectoryIndex instead.
UPDATE:
RewriteRule !^(index.php)?$ - [F] works, but I add RewriteRule !^(index2.php)?$ - [F] for second file index2.php and It dont work... I am getting 403 error for www.example.com/index2.php... I need access to several files
By adding another rule it would end up blocking both URLs. Since one or other rule will always be successful.
You can use regex alternation in a single rule. For example:
RewriteRule !^(index\.php|index2\.php)?$ - [F]
The same regex could be used in the <FilesMatch> container above.
Or, if you have many such exceptions, it might be more readable to have multiple conditions. For example:
RewriteCond %{REQUEST_URI} !=index.php
RewriteCond %{REQUEST_URI} !=index2.php
RewriteCond %{REQUEST_URI} !=index3.php
RewriteRule !^$ - [F]
Note, however, like your original rule, this also blocks URLs in "subdirectories", not just the root directory.
Let me start by saying that my knowledge of Apache is almost none, so I apologize if I am not using the correct terminology.
I have a website written in Vue, and the routing is taken care by Vue Router. In their documentation, they specify that in order for the router to work correctly, you have to put this in the .htaccess file of your website:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.html$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.html [L]
</IfModule>
From what I have been able to understand, all requests are sent back to the index.html file which will take care of loading the correct component based on the path.
My goal is to now allow my website to have a path (let's say /documents) which is not picked up by Vue, but instead shows the contents of the directory and allows you to both navigate and download the contents (Like this).
I have tried a few ways, but they all return a 403 or 500 (possibly due to a mistake in my config). I understand that I need to add a RewriteRule but all of those that I tried return weird errors.
Thanks in advance
You can have multiple rewrite rules based on what the RewriteBase is . In your current set, the rule is applying to the root of the host.
You can add another rule with RewriteBase /documents/. More info: What does RewriteBase do and how to use it?
I recommend reading the docs: https://httpd.apache.org/docs/2.4/mod/mod_rewrite.html
The RewriteCond directive defines a rule condition.
So here a dirty explanation:
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
So your RewriteConds says that if the given path/url isn't a file (!-f) and not a directory (!-d) then the next rewrite rule (RewriteRule . /index.html [L]) takes action.
RewriteRule . /index.html [L]
"." is a wildcard, so all urls will be redirect to index.html.
The [L] flags stops the execution (https://httpd.apache.org/docs/2.4/rewrite/flags.html#flag_l)
The RewriteRule ^index\.html$ - [L] stops the execution if the url is index.html.
So, your rewrite rule fulfill your requirements and seems correct.
When you get a 403 you maybe need to add Options +Indexes to your config or htaccess.
In the end, after looking through the docs, I was not able to understand how to set it up. I found this page, and using option #2 I was able to get the directory to at least show up.
I then added the auth to the folder through the .htaccess file and added the .htpasswd file with the username/password combo
TLDR
Create the folder in the location you want. In my case it was in httpdocs/documents
Create a .htaccess file where you put the following contents:
# Omit this section if you do not need the auth
AuthType Basic
AuthName "restricted area"
AuthUserFile /path/to/your/.htpasswd
require valid-user
Order allow,deny
Allow from all
Options +Indexes
Create the .htpasswd file in the location you specified above. To generate the username/password combo I used this
Any corrections are welcome!
I am trying to redirect one of my urls to the parent folder using .htaccess file. I have tried the following rule
RewriteRule ^test/(.+)$ /test/ [L,R=301]
found from htaccess wildcard redirect to parent folder but it is not working (logs show too many redirects).
I also tried the other rules below but none of them worked
RewriteBase /
RewriteCond %{REQUEST_URI} !=/test/
RewriteRule ^(.*) /test/ [END,NC]
or
RewriteEngine on
RewriteCond %{ENV:REDIRECT_STATUS} ^$
RewriteRule ^test/(.+)$ /test/ [L,R=301]
The OS is ubuntu server. Any help or pointers is appreciated. Please let me know if I can furnish any other details to debug. Thanks
Following should work considering the parent directory is test
RewriteEngine On
RewriteRule ^(test/).* /$1 [R=301,L]
Add this to disable MultiViews:
Options -MultiViews
The Apache docs on mod_negotiation, describes what the Multiviews Option does, when enabled:
If the
server receives a request for /some/dir/foo and /some/dir/foo does not
exist, then the server reads the directory looking for all files named
foo.*, and effectively fakes up a type map which names all those
files, assigning them the same media types and content-encodings it
would have if the client had asked for one of them by name. It then
chooses the best match to the client's requirements, and returns that
document.
Use:
Options -MultiViews
RewriteEngine on
RewriteRule ^test/(.+)$ /test/ [NC,L,R=301]
In your specific folder
RewriteEngine On
RewriteRule ^rootFName(.*) /rFile.php [QSA,R=301,L]
On my wiki I would like redirect all queries (for example http://mywikiofme.com/images/... ) to a php script script.php
I put this in my virtual host :
RewriteEngine on
RewriteRule ^images/(.*)$ /script.php?url=$1
But it doesn't work if the folder already exist on the server...
If I test :
RewriteEngine on
RewriteRule ^foldernotexist/(.*)$ /script.php?url=$1
The redirection to script.php works fine.
I think I need to use a flag but I don't know which one.
Ideas ?
Thanks
Theoretically - should work =)
<Directory "/htdocs/images">
RewriteEngine on
RewriteBase /images/
RewriteRule ^(.*)$ /script.php?url=$1 [L,QSA]
</Directory>
Where "/htdocs/images" is your path to images folder
I am using Zend Server CE (v.5.1.0) installed on C: on a Win7 machine. I have added one project to httpd.conf by adding:
Alias /project "D:\Homepages\project"
<Directory "D:\Homepages\project">
Options Indexes FollowSymLinks
AllowOverride all
Order allow,deny
Allow from all
</Directory>
My .htaccess file in the project directory contains the following:
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} -f
RewriteCond %{REQUEST_URI} ^/\w*\.(css|js) [NC]
RewriteRule ^.*$ - [NC,L]
RewriteRule ^.*$ index.php [NC,L]
Now to the problem; if I go to
http://localhost/project/index.php
everything seems to be working fine. I reach the index.php file and get my contents.
However, if I go to any other page that would trigger the RewriteRule, it seems to be adding the directory path. FireFox outputs the following Not Found message:
The requested URL /Homepages/project/index.php was not found on this server.
I tried to find a similar question/answer here, but failed. Any idea?
Ps. Me accepting of an answer might be delayed as I will be out for a while on an errand.
You need to set the RewriteBase directive; otherwise, mod_rewrite automatically, and by default, prepends the file path to the resulting rewrite rule.
From: http://httpd.apache.org/docs/2.0/mod/mod_rewrite.html
When a substitution occurs for a new URL, this module has to re-inject the URL into the server processing. To be able to do this it needs to know what the corresponding URL-prefix or URL-base is. By default this prefix is the corresponding filepath itself. However, for most websites, URLs are NOT directly related to physical filename paths, so this assumption will often be wrong! Therefore, you can use the RewriteBase directive to specify the correct URL-prefix.
If your webserver's URLs are not directly related to physical file paths, you will need to use RewriteBase in every .htaccess file where you want to use RewriteRule directives.
Have your last line like this:
RewriteRule ^.*$ /index.php [NC,L]
However I think this is infinite loop so I would suggest this rule instead:
RewriteCond %{THE_REQUEST} !\s/index.php [NC]
RewriteCond %{REQUEST_URI} !^/index.php [NC]
RewriteRule . /index.php [L]
which prevents going to index.php if it is already /index.php.