I have a htaccess file that is forcing http:// connections to https:// however if the user happens to come along to my site at http://example.com/some-page instead of redirect to the same url but on https:// it redirects the user to the home page on a https connection why is this?
Below is my .htaccess,
#
# Apache/PHP/Drupal settings:
#
# Protect files and directories from prying eyes.
<FilesMatch "\.(engine|inc|info|install|make|module|profile|test|po|sh|.*sql|theme|tpl(\.php)?|xtmpl)(~|\.sw[op]|\.bak|\.orig|\.save)?$|^(\..*|Entries.*|Repository|Root|Tag|Template)$|^#.*#$|\.php(~|\.sw[op]|\.bak|\.orig\.save)$">
Order allow,deny
</FilesMatch>
# Don't show directory listings for URLs which map to a directory.
Options -Indexes
# Follow symbolic links in this directory.
Options +FollowSymLinks
# Make Drupal handle any 404 errors.
ErrorDocument 404 /index.php
# Set the default handler.
DirectoryIndex index.php index.html index.htm
# Override PHP settings that cannot be changed at runtime. See
# sites/default/default.settings.php and drupal_environment_initialize() in
# includes/bootstrap.inc for settings that can be changed at runtime.
# PHP 5, Apache 1 and 2.
<IfModule mod_php5.c>
php_flag magic_quotes_gpc off
php_flag magic_quotes_sybase off
php_flag register_globals off
php_flag session.auto_start off
php_value mbstring.http_input pass
php_value mbstring.http_output pass
php_flag mbstring.encoding_translation off
</IfModule>
# Requires mod_expires to be enabled.
<IfModule mod_expires.c>
# Enable expirations.
ExpiresActive On
# Cache all files for 2 weeks after access (A).
ExpiresDefault A1209600
<FilesMatch \.php$>
# Do not allow PHP scripts to be cached unless they explicitly send cache
# headers themselves. Otherwise all scripts would have to overwrite the
# headers set by mod_expires if they want another caching behavior. This may
# fail if an error occurs early in the bootstrap process, and it may cause
# problems if a non-Drupal PHP file is installed in a subdirectory.
ExpiresActive Off
</FilesMatch>
</IfModule>
# Various rewrite rules.
<IfModule mod_rewrite.c>
RewriteEngine on
# Set "protossl" to "s" if we were accessed via https://. This is used later
# if you enable "www." stripping or enforcement, in order to ensure that
# you don't bounce between http and https.
RewriteRule ^ - [E=protossl]
RewriteCond %{HTTPS} on
RewriteRule ^ - [E=protossl:s]
# Make sure Authorization HTTP header is available to PHP
# even when running as CGI or FastCGI.
RewriteRule ^ - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
# Block access to "hidden" directories whose names begin with a period. This
# includes directories used by version control systems such as Subversion or
# Git to store control files. Files whose names begin with a period, as well
# as the control files used by CVS, are protected by the FilesMatch directive
# above.
#
# NOTE: This only works when mod_rewrite is loaded. Without mod_rewrite, it is
# not possible to block access to entire directories from .htaccess, because
# <DirectoryMatch> is not allowed here.
#
# If you do not have mod_rewrite installed, you should remove these
# directories from your webroot or otherwise protect them from being
# downloaded.
RewriteRule "(^|/)\." - [F]
# If your site can be accessed both with and without the 'www.' prefix, you
# can use one of the following settings to redirect users to your preferred
# URL, either WITH or WITHOUT the 'www.' prefix. Choose ONLY one option:
#
# To redirect all users to access the site WITH the 'www.' prefix,
# (http://example.com/... will be redirected to http://www.example.com/...)
# uncomment the following:
RewriteCond %{HTTP_HOST} .
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^ https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
#
# To redirect all users to access the site WITHOUT the 'www.' prefix,
# (http://www.example.com/... will be redirected to http://example.com/...)
# uncomment the following:
# RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
# RewriteRule ^ https://%1%{REQUEST_URI} [L,R=301]
# Modify the RewriteBase if you are using Drupal in a subdirectory or in a
# VirtualDocumentRoot and the rewrite rules are not working properly.
# For example if your site is at http://example.com/drupal uncomment and
# modify the following line:
# RewriteBase /drupal
#
# If your site is running in a VirtualDocumentRoot at http://example.com/,
# uncomment the following line:
# RewriteBase /
# Pass all requests not referring directly to files in the filesystem to
# index.php. Clean URLs are handled in drupal_environment_initialize().
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !=/favicon.ico
RewriteRule ^ index.php [L]
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
# Rules to correctly serve gzip compressed CSS and JS files.
# Requires both mod_rewrite and mod_headers to be enabled.
<IfModule mod_headers.c>
# Serve gzip compressed CSS files if they exist and the client accepts gzip.
RewriteCond %{HTTP:Accept-encoding} gzip
RewriteCond %{REQUEST_FILENAME}\.gz -s
RewriteRule ^(.*)\.css $1\.css\.gz [QSA]
# Serve gzip compressed JS files if they exist and the client accepts gzip.
RewriteCond %{HTTP:Accept-encoding} gzip
RewriteCond %{REQUEST_FILENAME}\.gz -s
RewriteRule ^(.*)\.js $1\.js\.gz [QSA]
# Serve correct content types, and prevent mod_deflate double gzip.
RewriteRule \.css\.gz$ - [T=text/css,E=no-gzip:1]
RewriteRule \.js\.gz$ - [T=text/javascript,E=no-gzip:1]
<FilesMatch "(\.js\.gz|\.css\.gz)$">
# Serve correct encoding type.
Header set Content-Encoding gzip
# Force proxies to cache gzipped & non-gzipped css/js files separately.
Header append Vary Accept-Encoding
</FilesMatch>
</IfModule>
</IfModule>
# Add headers to all responses.
<IfModule mod_headers.c>
# Disable content sniffing, since it's an attack vector.
Header always set X-Content-Type-Options nosniff
</IfModule>
AddType x-httpd-php7 .php
Modify your HTTP to HTTPS rule:
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
to this:
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]
or this:
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
This is my go to code. I put right under RewriteRule ^ - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}].
# Force SSL
# Source: https://stackoverflow.com/questions/26620670
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301,NE]
Related
Site is zen cart. Trying to add
<embed src="pdf/timetable.pdf" height="1000" width="900"></embed>
to an ezpage.
As soon as I click to update, I get a warning:
Forbidden
You don't have permission to access this resource.
Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.
I checked cPanel logs and it shows
[Mon Nov 25 08:32:31.650242 2019] [access_compat:error] [pid 249998:tid 139962720311040] [client xxx.xxx.xx.xx:xxxxx] AH01797: client denied by server configuration: /home/mysitefolder/public_html/403.shtml, referer: http://example.com/admindir/ezpages.php?page=1&ezID=17&action=new
I checked htaccess, and in root htaccess file it has
# BEGIN CEON URI MAPPING REWRITE RULE
RewriteEngine On
# Don't rewrite any URIs ending with a file extension (ending with .[xxxxx])
RewriteCond %{REQUEST_URI} !\.[a-z]{2,5}$ [NC]
# Don't rewrite any URIs for some, popular specific file format extensions,
# which are not covered by main file extension condition above
RewriteCond %{REQUEST_URI} !\.(mp3|mp4|h264)$ [NC]
# Don't rewrite any URIs for some specific file format extensions,
# which are not covered by main file extension condition above
# Uncomment the following line to apply this condition! (Remove the # at the start of the next line)
#RewriteCond %{REQUEST_URI} !\.(3gp|3g2|h261|h263|mj2|mjp2|mp4v|mpg4|m1v|m2v|m4u|f4v|m4v|3dml)$ [NC]
# Don't rewrite admin directory
RewriteCond %{REQUEST_URI} !^/admindir [NC]
# Don't rewrite editors directory
RewriteCond %{REQUEST_URI} !^/editors/ [NC]
# Don't rewrite logs directory
RewriteCond %{REQUEST_URI} !^/logs/ [NC]
# Don't rewrite js directory
RewriteCond %{REQUEST_URI} !^/js/ [NC]
# Don't rewrite cgi-bin directory
RewriteCond %{REQUEST_URI} !^/cgi\-bin/ [NC]
# Don't rewrite ajax directory
RewriteCond %{REQUEST_URI} !^/ajax/ [NC]
# Don't rewrite kta directory
RewriteCond %{REQUEST_URI} !^/jrq/ [NC]
# Don't rewrite oexport directory
RewriteCond %{REQUEST_URI} !^/oexport/ [NC]
# Don't rewrite min directory
RewriteCond %{REQUEST_URI} !^/min/ [NC]
# Don't rewrite tempEP directory
RewriteCond %{REQUEST_URI} !^/tempEP/ [NC]
# Don't rewrite bmz_cache directory
RewriteCond %{REQUEST_URI} !^/bmz_cache/ [NC]
# Don't rewrite pdf directory
RewriteCond %{REQUEST_URI} !^/pdf/ [NC]
# Don't rewrite htmlincludes directory
RewriteCond %{REQUEST_URI} !^/htmlincludes/ [NC]
# Handle all other URIs using Zen Cart (its index.php)
RewriteRule .* index.php [QSA,L]
## END CEON URI MAPPING REWRITE RULE
Then in the admin directory, there is another htaccess file containing
DirectoryIndex index.php
# deny *everything*
<FilesMatch ".*\..*">
Order Allow,Deny
Deny from all
</FilesMatch>
# but now allow just *certain* necessary files:
<FilesMatch "(^$|^favicon.ico$|.*\.(php|js|css|jpg|gif|png|pdf)$)">
Order Allow,Deny
Allow from all
</FilesMatch>
IndexIgnore */*
# The following makes adjustments to the SSL protocol for Internet Explorer browsers
<IfModule mod_setenvif.c>
<IfDefine SSL>
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
</IfDefine>
</IfModule>
#turn off X-PHP-Originating-Script header when sending emails from admin
#uncomment to activate:
# php_flag mail.add_x_header Off
Can anyone suggest what might be the problem here? Do I need to add something else to an htaccess file, or does my host need to change something in apache config?
The problem is, I can access my page on
http://domain.com:8080/
But when I try to go to admin
http://domain.com:8080/admin
404 Error
But when I add:
http://domain.com:8080/index.php/admin
It works
I need to set it up working as this
http://domain.com:8080/admin
My virtualHost looks like
<VirtualHost domain.com:8080>
DocumentRoot "C:\xampp\htdocs\magento\magento"
ServerName domain.com
<Directory "C:\xampp\htdocs\magento\magento">
Require all granted
Allow from all
</Directory>
I was already checking in:
File: app/code/core/Mage/Core/Controller/Varien/Router/Standard.php -> _validateControllerClassName
But it doesn't simply go there
Any suggestions?
It should work when you have the standard .htaccess file in your project root. The following configuration should rewrite everything which is not pointing to a real file to the index.php.
<IfModule mod_rewrite.c>
############################################
## enable rewrites
Options +FollowSymLinks
RewriteEngine on
############################################
## you can put here your magento root folder
## path relative to web root
RewriteBase /
############################################
## workaround for HTTP authorization
## in CGI environment
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
############################################
## always send 404 on missing files in these folders
RewriteCond %{REQUEST_URI} !^/(media|skin|js)/
############################################
## never rewrite for existing files, directories and links
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-l
############################################
## rewrite everything else to index.php
RewriteRule .* index.php [L]
</IfModule>
But it will only work if you have mode_rewrite enabled.
Hello a couple months ago I started a website project, after weeks last night I continued developing it on my windows pc were everything worked fine.
Today I ported it to ubuntu 12.04 lts and after starting up my apache / mysql tried to hit some website urls.(set up with vhost like so: tms.localhost/path...)
The Issue I'm facing and I have no idea why is that the clean urls and the mod_rewrite doesn't seem to work. My custom php redirection - page loading script isn't being called anymore(index.php).
Here is the htaccess that is unchanged since day 1. Need to mention that works only if I just enter the vhost url like so http://tms.localhost/ if i add anything after that I get the default apache 404 page.
#Debugging - Error reporting
php_flag display_startup_errors on
php_flag display_errors on
php_flag html_errors on
#Commpression
<ifmodule mod_deflate.c="">
<filesmatch ".(js|css|html|png|jpg|jpeg|swf|bmp|gif|tiff|ico|eot|svg|ttf|woff|pdf)$"="">
SetOutputFilter DEFLATE
</filesmatch>
</ifmodule>
Options All -Indexes +FollowSymLinks -MultiViews
<IfModule mod_rewrite.c>
# Turn mod_rewrite on
RewriteEngine On
RewriteBase /
# remove spaces from start or after /
#RewriteRule ^(.*/|)[\s%20]+(.+)$ $1$2 [L,R=301,NE]
# remove spaces from end or before /
#RewriteRule ^(.+?)[\s%20]+(/.*|)$ $1$2 [L,R=301,NE]
# replace spaces by - in between
#RewriteRule ^([^\s%20]*)(?:\s|%20)+(.*)$ $1+$2 [L,R=301,NE]
# Remove trailing slash
RewriteRule ^(.+)/$ http://%{HTTP_HOST}/$1 [L,R=301]
# Add trailing slash
#RewriteCond %{REQUEST_URI} !(/$|\.)
#RewriteRule (.*) %{REQUEST_URI}/ [L,R=301]
# Remove multiple slashes
RewriteCond %{THE_REQUEST} ^[A-Z]{3,}\s/{2,} [NC]
RewriteRule ^(.*) $1 [R=301,L]
# Clean url rewrite
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_URI} !^.*\.(png|jpg|jpeg|bmp|gif|css|js|json)$ [NC]
#RewriteRule ^([^/]+/?.+)$ /index.php?req=$1 [L,QSA]
#RewriteRule ^(.*)$ /index.php?req=$1 [L,QSA]
RewriteRule ^(.*)$ /index.php [L,QSA]
</IfModule>
# Big thnx to anubhava for his regex help - linkedin.com/in/anubhava
UPDATE
The index.php works as a page file loader it doesn't contain any html.
Only the root url works and loads the corresponding php file, hence mod_rewrite is enabled.
htaccess fails to translate the rest of the requests I suppose ?
vhostfile tms.localhost
<VirtualHost *:80>
ServerAdmin webmaster#tms.localhost
DocumentRoot /var/www/tms
ServerName tms.localhost
#ServerAlias www.example.com
</VirtualHost>
modules phpinfo() :
core mod_log_config mod_logio prefork http_core mod_so mod_alias mod_auth_basic mod_authn_file mod_authz_default mod_authz_groupfile mod_authz_host mod_authz_user mod_autoindex mod_cgi mod_deflate mod_dir mod_env mod_mime mod_negotiation mod_php5 mod_reqtimeout mod_rewrite mod_setenvif mod_status
Well there was nothing wrong with it.
Apparently either the compression program or google drive (where I kept the project renamed .htaccess to htaccess...
I'm trying to get Apache to recognize the htaccess file at the root of my Drupal website but no matter what settings I try, it is simply ignored. The mod_rewrite module is loaded, AllowOverride is set to All and all paths are correct. The htaccess file has the most basic settings I could find but it doesn't matter because it still doesn't work if I fill it with garbage text. I've scoured the web trying to find answers but nothing has worked yet. Any ideas you may have would be helpful. I'm running CentOS 6.3 with Apache 2.2.15 and Drupal 7.
Here is the .htaccess file:
</IfModule>
# Various rewrite rules.
<IfModule mod_rewrite.c>
RewriteEngine on
# If you do not have mod_rewrite installed, you should remove these
# directories from your webroot or otherwise protect them from being
# downloaded.
RewriteRule "(^|/)\." - [F]
# Pass all requests not referring directly to files in the filesystem to
# index.php. Clean URLs are handled in drupal_environment_initialize().
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !=/favicon.ico
RewriteRule ^ index.php [L]
# Rules to correctly serve gzip compressed CSS and JS files.
# Requires both mod_rewrite and mod_headers to be enabled.
<IfModule mod_headers.c>
# Serve gzip compressed CSS files if they exist and the client accepts gzip.
RewriteCond %{HTTP:Accept-encoding} gzip
RewriteCond %{REQUEST_FILENAME}\.gz -s
RewriteRule ^(.*)\.css $1\.css\.gz [QSA]
# Serve gzip compressed JS files if they exist and the client accepts gzip.
RewriteCond %{HTTP:Accept-encoding} gzip
RewriteCond %{REQUEST_FILENAME}\.gz -s
RewriteRule ^(.*)\.js $1\.js\.gz [QSA]
# Serve correct content types, and prevent mod_deflate double gzip.
RewriteRule \.css\.gz$ - [T=text/css,E=no-gzip:1]
RewriteRule \.js\.gz$ - [T=text/javascript,E=no-gzip:1]
<FilesMatch "(\.js\.gz|\.css\.gz)$">
# Serve correct encoding type.
Header set Content-Encoding gzip
# Force proxies to cache gzipped & non-gzipped css/js files separately.
Header append Vary Accept-Encoding
</FilesMatch>
</IfModule>
</IfModule>
Thanks,
-Dave
I have drupal installed in a subfolder drupal, but I want to access pages as it is in root folder: http://www.example.com instead of http://www.example.com/drupal
I'm able to have this working, but it's also working with url containing subfolder, so I have http://www.example.com and a clone site in http://www.example.com/drupal
What is the rule to forbid access to subfolder?
I want all url starting with http://www.example.com/drupal being forbidden.
This is .htaccess in / directory:
Options -Indexes
Options +FollowSymLinks
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule ^ http://%1%{REQUEST_URI} [L,R=301]
RewriteRule ^(.*+)$ drupal/$1 [L,QSA]
</IfModule>
And this is drupal .htaccess in /drupal/ directory:
Options -Indexes
Options +FollowSymLinks
ErrorDocument 404 index.php
DirectoryIndex index.php index.html index.htm
# Override PHP settings that cannot be changed at runtime. See
# sites/default/default.settings.php and drupal_initialize_variables() in
# includes/bootstrap.inc for settings that can be changed at runtime.
# PHP 5, Apache 1 and 2.
<IfModule mod_php5.c>
php_flag magic_quotes_gpc off
php_flag magic_quotes_sybase off
php_flag register_globals off
php_flag session.auto_start off
php_value mbstring.http_input pass
php_value mbstring.http_output pass
php_flag mbstring.encoding_translation off
</IfModule>
# Requires mod_expires to be enabled.
<IfModule mod_expires.c>
# Enable expirations.
ExpiresActive On
# Cache all files for 2 weeks after access (A).
ExpiresDefault A1209600
<FilesMatch \.php$>
# Do not allow PHP scripts to be cached unless they explicitly send cache
# headers themselves. Otherwise all scripts would have to overwrite the
# headers set by mod_expires if they want another caching behavior. This may
# fail if an error occurs early in the bootstrap process, and it may cause
# problems if a non-Drupal PHP file is installed in a subdirectory.
ExpiresActive Off
</FilesMatch>
</IfModule>
# Various rewrite rules.
<IfModule mod_rewrite.c>
RewriteEngine on
# Block access to "hidden" directories whose names begin with a period. This
# includes directories used by version control systems such as Subversion or
# Git to store control files. Files whose names begin with a period, as well
# as the control files used by CVS, are protected by the FilesMatch directive
# above.
RewriteRule "(^|/)\." - [F]
# To redirect all users to access the site WITH the 'www.' prefix,
# (http://example.com/... will be redirected to http://www.example.com/...)
# uncomment the following:
# RewriteCond %{HTTP_HOST} !^www\. [NC]
# RewriteRule ^ http://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
#
# To redirect all users to access the site WITHOUT the 'www.' prefix,
# (http://www.example.com/... will be redirected to http://example.com/...)
# uncomment the following:
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule ^ http://%1%{REQUEST_URI} [L,R=301]
RewriteBase /drupal
# Pass all requests not referring directly to files in the filesystem to
# index.php. Clean URLs are handled in drupal_environment_initialize().
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !=/favicon.ico
#RewriteRule ^ index.php [L]
RewriteRule ^(.*)$ index.php?q=$1 [L,QSA]
# Rules to correctly serve gzip compressed CSS and JS files.
# Requires both mod_rewrite and mod_headers to be enabled.
<IfModule mod_headers.c>
# Serve gzip compressed CSS files if they exist and the client accepts gzip.
RewriteCond %{HTTP:Accept-encoding} gzip
RewriteCond %{REQUEST_FILENAME}\.gz -s
RewriteRule ^(.*)\.css $1\.css\.gz [QSA]
# Serve gzip compressed JS files if they exist and the client accepts gzip.
RewriteCond %{HTTP:Accept-encoding} gzip
RewriteCond %{REQUEST_FILENAME}\.gz -s
RewriteRule ^(.*)\.js $1\.js\.gz [QSA]
# Serve correct content types, and prevent mod_deflate double gzip.
RewriteRule \.css\.gz$ - [T=text/css,E=no-gzip:1]
RewriteRule \.js\.gz$ - [T=text/javascript,E=no-gzip:1]
<FilesMatch "(\.js\.gz|\.css\.gz)$">
# Serve correct encoding type.
Header append Content-Encoding gzip
# Force proxies to cache gzipped & non-gzipped css/js files separately.
Header append Vary Accept-Encoding
</FilesMatch>
</IfModule>
</IfModule>
It looks like you're rewriting stuff to the /drupal/ directory, so you don't want to completely forbid access, otherwise going to http://www.example.com will be denied because it gets rewritten to /drupal. I'm assuming you want to disable requests that are directed to the drupal directory, so you'd need to add this somewhere:
RewriteCond %{THE_REQUEST} ^([A-Z]{3,9})\ /drupal/
RewriteRule ^drupal - [F,L]
Adding this to the top of the .htaccess (just under RewriteEngine On) in your document root should be sufficient. If not, try adding it to the one in your drupal directory (just under RewriteEngine On).
I solved this adding these two lines after RewriteEngine on in /drupal/.htaccess:
# deny access to url starting with /drupal/
RewriteCond %{THE_REQUEST} ^([A-Z]{3,9})\ /drupal/
RewriteRule .* - [F,L]
Using R=403 avoids problems with drupal "not found" handler: ErrorDocument 404 drupal/index.php
Try to change this in your .htaccess in / directory:
Options -Indexes
Options +FollowSymLinks
<IfModule mod_rewrite.c>
RewriteEngine On
# if access is straight to drupal (= no rewrite rule)
# notify in query string:
RewriteRule (drupal/(.*)) $1?straight=1 [QSA]
RewriteRule ^(.*+)$ drupal/$1 [L,QSA]
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule ^ http://%1%{REQUEST_URI} [L,R=301]
RewriteRule ^(.*+)$ drupal/$1 [L,QSA]
</IfModule>
Add this in your drupal dir .htaccess file just after RewriteEngine On:
RewriteEngine On
RewriteCond %{QUERY_STRING} straight=1
# "not found" 404 :
RewriteRule .* - [R=404,L]
Tell me if it works :)