htaccess rule to server JSON file form folder - apache

How I can show a JSON file while accessing a URL. I have this JSON file in a folder in my web root. Is it possible to show this JSON file using htaccess rules. My URL is as follows
http://example.com/api/v1/entity
I have api/v1/entity folder structure in my webroot
Can I place this static attributes.json file in the entity folder and on hitting the URL http://example.com/api/v1/entity how can I show the JSON data.

Place your file inside api/v1/entity/ and name it for example myfile.json.
Create a new file api/v1/entity/.htaccess with this rule:
RewriteEngine On
RewriteRule ^/?$ myfile.json [L]
# return application/json for myfile.json
<Files "myfile.json">
ForceType application/json
</Files>

I was having the same issue, the problem was in my .htaccess file
I tried to change
# Deny accessing extensions listed below
<Files ~ "(.json|.lock|.git)">
Order allow, deny
Deny from all
</Files>
SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0
To
# Deny accessing extensions listed below
<Files ~ "(.lock|.git)">
Order allow, deny
Deny from all
</Files>
SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0
Actually removing the .json extension works fine.

Related

Override FilesMatch rule of root htaccess by htaccess from subdirectory [duplicate]

I have an htaccess rule in a folder that disallows php scripts:
<FilesMatch "\.(?i:php)$">
<IfModule !mod_authz_core.c>
Order allow,deny
Deny from all
</IfModule>
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
</FilesMatch>
That works just fine. The problem is that there is a specific php script I do want to be able to call (via ajax), so I want to add another rule after the deny that says "but if it is this specific file then allow it". I've done this successfully with other htaccess files in the folder that the file resides with something like this:
<Files ajax_file.php>
<IfModule !mod_authz_core.c>
Order allow,deny
Allow from all
</IfModule>
<IfModule mod_authz_core.c>
Require all granted
</IfModule>
</Files>
The problem I am having is that I want to grant a single file access from the same htaccess as the original FilesMatch that blocks all .php files. I can't seem to make it work with adding a file path and am wondering if there is a better way to go about this. The file in question would be a few folders deeper than than the htaccess file that denies the php scripts.
I can see that this is a really old post but, since there is no marked answer I figured I'd try and solve this.
The code you need should look like this:
<FilesMatch "\.(?i:php)$">
<IfModule !mod_authz_core.c>
Order allow,deny
Deny from all
</IfModule>
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
</FilesMatch>
That blocks access to all php files and set the priority as allow then deny, so that we can override the deny all later.
Then to allow access to the specific php file use this:
<Files ajax_file.php>
<IfModule !mod_authz_core.c>
Allow from all
</IfModule>
<IfModule mod_authz_core.c>
Require all granted
</IfModule>
</Files>
I can see from your OP that this isn't that different to your own, so I can only assume that by re-adding the Order declaration you are causing some weirdness to mess things up, since you already set the priorities in the initial [block all php] files declaration.
I think mod_rewrite is the best and easiest solution to your problem.
RewriteEngine on
# allow access to ajax_file.php
RewriteCond %{THE_REQUEST} ajax_file\.php [NC]
RewriteRule ^ - [NC,L]
#disallow access to other php files
RewriteCond %{THE_REQUEST} .+\.php [NC]
RewriteRule ^ - [F,L]
which linux distribution do you use? there are some htaccess configurators which make it easier to configure these files. you could write something like this
require valid-user
for every file that gets access.

Using HTTP Host in filesmatch in htaccess

I am trying to match my sitemap based on host and it doesn't seem to be working. Can you help me figure this out.
My sitemap is sitemap-localhost.xml since i am running on my local
I have tried
<FilesMatch (sitemap-%{HTTP:Host}.xml)>
Order Deny,Allow
Allow from all
</FilesMatch>
<FilesMatch "sitemap-%{HTTP:Host}.xml">
Order Deny,Allow
Allow from all
</FilesMatch>
<FilesMatch sitemap-%{HTTP:Host}.xml>
Order Deny,Allow
Allow from all
</FilesMatch>
But nothing seems to work. The problem is I have two domains pointing to the same folder in the server and the two domains have two sitemaps.
FilesMatch directive is designed to match against files only. You can not check HTTP_HOST header or URL path using this directive, only filename with its extension is allowed in the pattern.
If you want deny access to an xml file of a specific Host ,for example To deny access to thishost.com/sitemap.xml you can use mod-rewrite` .
RewriteEngine on
RewriteCond %{HTTP_HOST} ^thishost\.com$
RewriteRule ^/?sitemap\.xml$ - [R=403,L]
This will return a 403 error to clients if they visit thishost.com/sitemap.xml .
The leading slash ( /? ) in the pattern above is optional so that the Rule can work in both contexts htaccess and server.config .

htaccess - Get error the page isn't redirecting properly

I'm trying to redirect all requests except some file types to download.php with this .htaccess file.
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_URI} !(\.php|\.html|\.css|\.jpeg|\.jpg\.png|\.js)$
RewriteRule ^(.*)$ /download.php?url=$1 [L,QSA]
I have place this htaccess in root folder, i get error from both firefox and chrome "The page isn't redirecting properly". If i move the htaccess in some sub directory, works perfect. Please help...
try the next code.
<Files ~ "^\.(htaccess|htpasswd)$">
deny from all
</Files>
Options Indexes
DirectoryIndex download.php
order deny,allow
deny from *.php
deny from *.html
deny from *.css
deny from *.jpeg
deny from *.jpg
deny from *.png
deny from *.js

deny access to files inside a hidden folder and temporary folders with apache .htaccess

i have a lot of temporary and hidden folders and files in my site that i want to deny access to all files inside that folders ,
i succeeded to block all the temporary and hidden files/directory with this htaccess part :
<FilesMatch "^\.">
Order allow,deny
Deny from all
</FilesMatch>
<FilesMatch "\~$">
Order allow,deny
Deny from all
</FilesMatch>
it blocks all files and directory beginning with a dot or ending with ~ and that's great but my problem is with folders when i have a folder called "test~" and inside that folder i have a file that don't matches with \~$ or ^. this url "mysite.tld/.test/file.ext will be not forbidden
You could try adding:
RewriteEngine On
RewriteRule (^|/)\.([^/]+)(/|$) - [L,F]
RewriteRule (^|/)([^/]+)~(/|$) - [L,F]

Deny from all in subdirectory htaccess not overriding file rules in root htaccess

I've got a situation where I'm trying to deny access to all files in a subdirectory of my website. I have added an htaccess file to this subdirectory and added a deny from all directive to it. However, I also have an htaccess file in the site root, which allows specific file types, and it seems like these file types are still accessible in the subdirectory even though I no longer want them to be. I have a workaround for this (see below), but I feel like there must be a better way. Here are my two htaccess files:
Root .htaccess
# Deny access to everything by default
Order Deny,Allow
deny from all
# Allow access to html files
<Files *.html>
allow from all
</Files>
Subdirectory .htaccess
# Deny access to everything
deny from all
Workaround:
Subdirectory .htaccess
# Deny access to everything
Order Allow,Deny
deny from all
<Files *.*>
deny from all
</Files>
This does what I want, but I feel like there should be a way to make the deny from all statement work by itself. Does anyone know how?
You can have your Root .htaccess like this
# Deny access to everything by default
Order Deny,Allow
deny from all
# Allow access to html files
<Files *.html>
allow from all
</Files>
# Deny access to sub directory
<Files subdirectory/*>
deny from all
</Files>
There is no need for a separate .htaccess in the sub directory.
You are allowing access to all html files in your .htaccess in the Root Directory and not denying it anywhere in the sub directory in the first case. Apache parses all your rules and uses the last matching rule, unlike firewalls (which uses the first rule match hit). The global rules are read first and the the specific rules later.
Order of directives in apache is really not obvious.
You have a complete description of it on the documentation "How the sections are merged".
Here is an excerpt:
The order of merging is:
<Directory> (except regular expressions) and .htaccess done simultaneously (with .htaccess, if allowed, overriding <Directory>)
<DirectoryMatch> (and <Directory ~>)
<Files> and <FilesMatch> done simultaneously
<Location> and <LocationMatch> done simultaneously
<If>
So what happens is that your <File> directive is handled after the Directory ones (as a .htaccess is in fact a Directory directive for the current directory).
It works in your given exemple as theses files directives are in fact nested in the .htaccess Directory directives, and the second File directive is applied after the parent directory one.
You cannot use a <FileMatch> directive in the parent, where files from the subdirectory would be excluded, as fileMatch is only working on the file name, and not on the file path. But you could maybe try with a LocationMatch, but it would maybe end in a quite complex one, to forbid also location hacks with dots.
In fact the solution I would use here is a RedirectMatch in the parent folder:
RedirectMatch 403 ^.*\.html$
After finding this thread I couldn't get it to work for a while, then I found out why, and thus hence my answer, to (hopefully) help people with the same problem in the future.
I copied #bansi's answer, like this:
#Deny access to everything by default.
Order Deny,Allow
deny from all
# Allow access to the root index.php.
<Files index.php>
allow from all
</Files>
#allow access to the other .PHP files
<Files pages/*.php>
allow from all
</Files>
And it did work partly, I couldn't access any javascript files in my js folder, or .PHP files that are not in the pages folder.
But I couldn't access my index.php file in the root folder, even though it is in the rules. the problem turned out to be because I also rewrited /index.php to -> /home like this:
RewriteRule ^home$ index.php [L]
the solution is to add this:
<Files home>
allow from all
</Files>