I have a folder in my web root called docs and I need to ensure that files in this directory cannot be accessed by non authenticated users.
I have a file in this directory called index.php that verifies whether the user is logged in and serves up the requested file accordingly.
So in order to catch requests for files, in docs I have created the following .htaccess file
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !index.php
RewriteRule ^(.*)$ index.php?requested_file=$1 [QSA,L]
</IfModule>
This works if I navigate to /docs/index.php then index.php is called. However if I navigate to /docs/cat.jpg then I am sent directly to cat.jpg. But I shouldn't be able to access this file...
Can anyone advise what I am doing wrong here please?
Well I tried your exact code on my Apache based stack and it works fine
So There is nothing wrong with your apache instructions
May be you are using php or IDE's inbuilt live servers. For that to work you need apache based stack like Lampp, Wampp, Xampp or Mampp.
Related
I had htaccess which worked for many years with a command like this:
RewriteRule ^products/(.*).php product.php?page=$1&%{QUERY_STRING}
Mapping all items under products folder to be served with product.php file
Today, suddenly all URLs started giving 404. After many hours of digging, I found that the command now works only if there is an actual file (even empty file - it doesn't matter) under the products folder. For example, products/p1.php would work only if p1.php resides under the products folder.
I also run a test and added:
RewriteRule ^tests/(.*).php tests/index.php
and an index.php file under tests folder with hello world. It will only work for files that actually in tests folder. tests/testing.php will show index.php content only if there is a file testing.php in tests folder.
Does anybody have an idea what could have changed at the server configuration to cause this or if there is a way to fix my command to work without an actual file in the location of the URL?
Edited 1st of November 2018:
I found this in the httpd.conf:
<IfModule proxy_fcgi_module>
<FilesMatch \.(phtml|php[0-9]*)$>
SetHandler proxy:unix:/opt/cpanel/ea-php70/root/usr/var/run/php-fpm/.sock|fcgi://mydomain.com
</FilesMatch>
RewriteCond %{REQUEST_FILENAME} \.php$
RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_URI} !-f
RewriteRule (.*) - [H=text/html]
</IfModule>
Could that be the reason?
Another Update:
So this line
RewriteRule ^tests/(.*) tests/index.php
Will work for existing files and also for non-existing directory.
so tests/dir1/ will redirect fine. But test/file.php will only redirect if file.php actually exist.
One more update (sorry I'm debugging it and finding our more stuff):
The redirect will fail only for PHP files! all other files will work correctly.
Final Solution:
These three lines in httpd.conf need to be commented.
RewriteCond %{REQUEST_FILENAME} \.php$
RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_URI} !-f
RewriteRule (.*) - [H=text/html]
I suspect they are auto-generated by some Cpanel updated and will try to report this to them.
Thank you
yshaool I have the exact same problem with you. My search for a solution lead me also to the httpd.conf.
I commented out the 3 Rewrite lines and restarted Apache. Now it works OK. I'm afraid that this is auto generated file and it will overwritten some time.
At first you need to make life more clearer and stop further rules execution by [L] option:
RewriteRule ^products/(.*).php product.php?page=$1&%{QUERY_STRING} [L]
If doesn't help - there will be rules before yours quoted one executed with a priority.
Something with
RewriteCond %{REQUEST_FILENAME} !-f
condition.
Check your .htaccess if you have those rules.
If you control /etc/apache2/ or /etc/httpd/ folder - check root webserver configs for those.
Otherwise you need to contact your hosting provider.
This seems to have been asked hundreds of times, and I read it and tried different things. Nothing seems to work, so after reading about 5 google pages about this I gave up and I want to see if anyone can give me an answer.
I want to remove the /public from my URL
I'm using an apache 2.4 server on windows. I just installed laravel.
I made sure the rewrite module is on in apache (php's get_apache_modules() shows it) and now I'm trying to write the .htaccess - and I can't understand how it works.
I don't want to change anything in my apache configurations (I'm using this machine to develop multiple apps)
my current .htaccess files are :
in the app route directory
Options -MultiViews
RewriteEngine On
RewriteRule ^ public/index.php [L]
and in the public folder
Options -MultiViews
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ /texteditor/public/index.php [L]
Right now localhost/texteditor/ - and anything after it that isn't public/ gives me 404
Also can anyone recommend an easy .htaccess tutorial for dummies?
I have done this thing by doing following and working fine.
Please do this if it is helpful to you.
Move public/index.php to www/texteditor/index.php.
also Move public/.htaccess to www/texteditor/.htaccess.
then you can do it.
Please replace your app root directory's .htaccess with public/.htaccess.
I've currently updated our site, and the image folder name has changed from /img/ to /images/.
I'm still getting 404 errors in my apache error log from bots etc trying to access the old /img folder.
I'm trying to write a mod_rewrite rule to redirect any attempts to access /img/ to refer to /images/.
This is what I've got so far:
RewriteRule ^img/?(.*)$ images/$1 [R=301,L]
However, whenever I access http://mysite.com/img I still get my 404 page (instead of a forbidden page which I should receive for accessing /images).
Is this correct? I do have another rule forcing use of ssl if that matters.
Many thanks
This rule should be place on your root folder:
Options +FollowSymLinks -MultiViews
RewriteEngine On
RewriteBase /
RewriteCond %{DOCUMENT_ROOT}/images/$1 -d [OR]
RewriteCond %{DOCUMENT_ROOT}/images/$1 -f
RewriteRule ^img/(.*) /images/$1 [R=302,NC,L]
This rule will redirect only existent files or folders existent on http://domain.com/images.
Keep in mind that you may have been cached from previous attempts since you're using R=301, so to make sure its working try using a different browser.
Note that I am using R=302, to avoid this caching, once you confirm it is working, change it to R=301.
I've never had a problem with cakePHP before, but something's odd about this server and is causing the redirects in the .htaccess files to behave oddly.
CakePHP uses mod_rewrite in .htaccess files to redirect requests to its own webroot folder. The problem is that the redirects are listing the wrong path and causing a 404 error. My CakePHP application, which is stored in the listings directory, has a .htaccess file as follows:
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteRule ^$ app/webroot/ [R=301,L]
RewriteRule (.*) app/webroot/$1 [R=301,L]
</IfModule>
(*note that the R=301 causes an external redirect so we can see what is going on from our end. It should really omit this flag and do the redirect internally, transparent to end-users)
This is supposed to redirect any request from http://hostname.com/~username/listings/ to http://hostname.com/~username/listings/app/webroot/
However, rather than simply adding “app/webroot/” to the end as it is supposed to, it is adding the full server path ( /home/username/public_html/listings/app/webroot/ ) resulting in the final URL http://hostname.com/home/username/public_html/listings/app/webroot/ which is obviously incorrect and triggers a 404 error.
The hosting is on a shared hosting account, so that limits what I can do with the settings. I've never seen this happen before, and I'm thinking it's something wrong from the hosting side of things, but if anyone has some helpful suggestions then I can put them to the hosting company as well.
The solution to your question can be found towards the bottom of this page in the cakephp book:
For many hosting services (GoDaddy, 1and1), your web server is actually being served from a user directory that already uses mod_rewrite. If you are installing CakePHP into a user directory (http://example.com/~username/cakephp/), or any other URL structure that already utilizes mod_rewrite, you'll need to add RewriteBase statements to the .htaccess files CakePHP uses (/.htaccess, /app/.htaccess, /app/webroot/.htaccess).
I've deployed CakePHP from my profile's public_html folder as well. I had to change 3 the same .htaccess files mentioned above. Just add RewriteBase /~username/ to the .htaccess files just after RewriteEngine on!
Try removing .htaccess from main file... It worked for me
It was quite simple (using uolhost shared host):
Edit both .htaccess files:
/webroot/.htaccess
/.htaccess
Add the following line:
RewriteBase /
Here is the whole /webroot/.htaccess file:
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]
I have a web application that has one set of files used by 50+ clients and all the configuration for each site comes from a config.php file in their respective directories. This is accomplished with PHP parsing the URL. All this works fine, just having an issue with custom uploaded documents the client can do and are located in
/var/www/sites/user1/cache
There can be multiple subdirs. So when requesting
http://user1.site.com/cache/subdir1/image.jpg
it needs to be read from
/var/www/sites/user1/cache/subdir1/image.jpg
The client is allowed to upload any file type, so I just need the rewrite to take any /cache requests, then grab the subdomain and point to proper directory.
Came up with this, but am still getting an invalid page
RewriteEngine On
RewriteCond %{HTTP_HOST} ^([^\.]+)\.site\.com$
RewriteRule ^cache/(.*)$ /sites/%1/cache/$1 [L]
Any help is appreciated.
If I read the RewriteRule documentation correctly, the L flag on its own would generate an internal redirection, meaning that the substitution would be interpreted as a local file system path.
Try using the complete path:
RewriteRule ^cache/(.*)$ /var/www/sites/%1/cache/$1 [L]
or do an external redirection (using HTTP return status "302 MOVED TEMPORARILY"), to let the user's browser re-send the request with the new path:
RewriteRule ^cache/(.*)$ /sites/%1/cache/$1 [L,R]
The /var/www/ is where the files are on the filesystem. I was routing based on the document root so I didn't need to put that there. But I realized I was missing the leading forward slash on the /cache/. Though your answer wasn't really what I was looking for, it made me see what I was missing. Thanks.
RewriteEngine On
RewriteCond %{HTTP_HOST} ^([^\.]+)\.site\.com$
RewriteRule ^/cache/(.*)$ /sites/%1/cache/$1 [L]