Where and how to use <Directory /> in order to prevent files and folder access in the / . <Directory /> gives for me 500 Internal Server error.
.htaccess
#if i add the next 6 lines (10 lines), i am getting the error "Internal Server Error"
<Directory />
Order deny,allow
Deny from all
Options None
AllowOverride All
</Directory>
<Directory /web>
Order Allow,Deny
Allow from all
</Directory>
RewriteEngine On
RewriteBase /
Options -MultiViews
DirectoryIndex /web/index.php
RewriteCond %{HTTP_HOST} ^somedomain\.com$ [OR]
RewriteCond %{HTTP_HOST} ^www\.somedomain\.com$
RewriteRule ^/?$ "https\:\/\/somedomain\.com" [R=301,L]
RewriteCond %{ENV:REDIRECT_STATUS} ^$
RewriteCond %{ENV:REQUEST_FILENAME} !-d
RewriteCond %{ENV:REQUEST_FILENAME} !-f
RewriteCond %{ENV:REQUEST_FILENAME} !-l
RewriteRule ^(.*)$ /web/index\.php?url=$1 [QSA,L]
Directory location must contain full relative path including /var/www/ or whatever you have there.
Hope it helps!
Related
I am trying the below code but not working for me
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME}\.html -f
RewriteRule ^(.*)$ $1.html
Simple solution, enable MultiViews in Apache.
MultiViews hides the file extension in the URL.
<Directory "/folder/subfolder/subfolder">
Options +MultiViews
</Directory>
I did install Symfony 4 on a subdirectory of my wamp localhost. My project is named "cardMaker".
I've a .htaccess file to redirect towards the public directory (index.php) :
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule "^$" public/ [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . srcAngular/index.html [L]
</IfModule>
That works. But, when I open http://localhost/cardMaker/, I have this:
How can I set the base url ?
Here at https://symfony.com/doc/current/setup/web_server_configuration.html they say:
# If you run your Symfony application on a subpath of your document root, the
# regular expression must be changed accordingly:
# ProxyPassMatch ^/path-to-app/(.*\.php(/.*)?)$ fcgi://127.0.0.1:9000/var/www/project/public/$1
Add the symfony app as an alias. Configure your apache httpd.conf file:
Alias /cardMaker "C:/Csi\CsiWorkspace/cardMaker/public"
<Directory "C:/Csi\CsiWorkspace/cardMaker/public">
AllowOverride All
Options Indexes FollowSymLinks
Require all granted
DirectoryIndex index.php index.html
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteRule cache/ - [F]
RewriteBase /symfonytest
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !=/favicon.ico
RewriteRule ^ ./index.php [L]
</IfModule>
</Directory>
Notice the use of RewriteBase for the alias cardMaker
This config (with php-fpm) currently works for me:
Apache: 2.4
Symfony: 3.4.44
<Directory /var/www/example.local>
Options Indexes FollowSymLinks
Allow from all
AllowOverride None
Require all granted
Order deny,allow
Deny from all
</Directory>
Alias /cardMaker /var/www/example.local/cardMaker/public
<Directory /var/www/example.local/cardMaker/public>
DirectoryIndex index.php
<IfModule mod_negotiation.c>
Options -MultiViews
</IfModule>
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_URI}::$0 ^(/.+)/(.*)::\2$
RewriteRule .* - [E=BASE:%1]
RewriteCond %{HTTP:Authorization} .+
RewriteRule ^ - [E=HTTP_AUTHORIZATION:%0]
RewriteCond %{ENV:REDIRECT_STATUS} =""
RewriteRule ^index\.php(?:/(.*)|$) %{ENV:BASE}/$1 [R=301,L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ %{ENV:BASE}/index.php [L]
</IfModule>
<IfModule !mod_rewrite.c>
<IfModule mod_alias.c>
RedirectMatch 307 ^/$ /index.php/
</IfModule>
</IfModule>
</Directory>
ProxyPassMatch ^/cardMaker(.*\.php(/.*)?)$ fcgi://php:9000/var/www/example.local/cardMaker/public$1
I have following .htaccess file:
RewriteEngine on
RewriteBase /
RewriteCond $1 !^(index\.php|images|css|js|robots\.txt|favicon\.ico)
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ ./index.php/$1 [L,QSA]
but perhaps because of apache update to version 2.4.23 this one stopped working and browser returns message file not found.
I found out, that URL
example.com/auth/login
searches for index.php under {document_root}/auth/login directory and not directly in {document_root} and therefore it's not working. Putting directly %{DOCUMENT_ROOR} variable before index.php doesn't work, it looks like apache thinks, that document root is the one taken from URL.
How can I rewrite it to index.php with whole path put after index.php?
EDIT
I'm using fcgi and this is my vhost file:
<Directory "/Users/pogo/Development/www">
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
Allow from all
Require all granted
</Directory>
<VirtualHost *:8080>
ServerName dh
ServerAlias *.dh
VirtualDocumentRoot "/Users/pogo/Development/www/%-2.0.%-1/%0/www"
DirectoryIndex index.html index.php
RewriteEngine On
<FilesMatch \.php$>
SetHandler "proxy:unix:/usr/local/var/run/php5/php5-fpm.sock|fcgi://localhost"
</FilesMatch>
</VirtualHost>
You can use this rule:
AcceptPathInfo On
Options +FollowSymLinks
RewriteEngine on
RewriteCond $1 !^(index\.php|images|css|js|robots\.txt|favicon\.ico) [NC]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ /index.php/$1 [L,QSA]
Notice /index.php instead of ./index.php
I have a VirtualServer at api.host.com and I need to access the same content at app.host.com/api.
In Apache a have the following rule in httpd.conf :
<VirtualHost app.host.com>
DocumentRoot "C:\webserver\public\webapp"
ServerName app.host.com
<Directory "C:\webserver\public\webapp">
Options Indexes FollowSymLinks Includes ExecCGI
AllowOverride All
Require all granted
</Directory>
Alias /api/ "C:/webserver/public/api/"
<Directory "C:/webserver/public/api/">
Order allow,deny
Allow from all
Require all granted
Options Indexes FollowSymLinks
</Directory>
</VirtualHost>
And in C:/webserver/public/webapp, .htaccess is :
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ index.php?_url=/$1 [QSA,L]
RewriteRule ^/api/(.*)$ /api/index.php?_url=/$1 [QSA,L]
RewriteRule ^api/(.*)$ api/index.php?_url=/$1 [QSA,L]
I'm getting 404 not found when I access app.host.com/api/test but in app.host.com/api it is all ok.
In C:/webserver/public/api, .htaccess is :
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ index.php?_url=/$1 [QSA,L]
And works just fine with api.host.com/test.
You need to swap the order of your rules. Your first rule's ^(.*)$ regex is matching all of your requests, so you need your api stuff before that rule gets a chance to match the request. Something like this:
RewriteEngine On
RewriteRule ^/?api/(.*)$ /api/index.php?_url=/$1 [QSA,L]
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ index.php?_url=/$1 [QSA,L]
In httpd.conf, I changed the path to
Alias /**apicall**/ "C:/webserver/public/api/"
<Directory "C:/webserver/public/api/">
Order allow,deny
Allow from all
Require all granted
Options Indexes FollowSymLinks
</Directory>
And used Jon Lin hint, changing .htaccess rule to
RewriteRule ^api/?(.*)$ /apicall/index.php?_url=/$1 [QSA,L]
This is an odd configuration, I'll give you that, but I'm looking to deny access to all folders in our system but it must be able to access,
/index.php (Wordpress bootloader)
/wp-*/* (e.g. wp-content, wp-admin, etc.)
/templates/* (some of our templates and custom content)
Everything else is denied (and there are hundreds of folders).
The problem I have is allowing index.php and 2 folders and then denying everything else inside /.
I should be able to accept,
http://example.com/
http://example.com/index.php
http://example.com/wp-content/...
http://example.com/wp-admin/...
http://example.com/wp-includes/...
http://example.com/templates/template.css
http://example.com/templates/subfolder/js/file.js
and reject,
http://example.com/thisIsAFolder
http://example.com/thisIsAnotherFolder
This is what I have,
<VirtualHost *:80>
ServerName example.com
DirectoryIndex index.php
DocumentRoot /var/www/
<Directory />
Order deny,allow
Deny from all
</Directory>
<Files index.php>
Allow from all
</Files>
<Directory "/var/www(/|/wp*/|/templates/)">
Allow from all
Options FollowSymLinks
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteRule ^([_0-9a-zA-Z-]+/)?wp-admin$ $1wp-admin/ [R=301,L]
RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^ - [L]
RewriteRule ^([_0-9a-zA-Z-]+/)?(wp-(content|admin|includes).*) wp/$2 [L]
RewriteRule ^([_0-9a-zA-Z-]+/)?(.*\.php)$ wp/$2 [L]
RewriteRule . index.php [L]
</Directory>
</VirtualHost>
But I continually receive Red Hat Enterprise Linux Test Page (using CentOS) and it allows for sub-directories because I allow /.
EDIT
This is the Apache config that ended up working for me. Big thanks to Jon Lin for the help.
<VirtualHost *:80>
ServerName example.com
DirectoryIndex index.php
DocumentRoot /var/www/
# first, deny all access
<Directory />
Order deny,allow
Deny from all
</Directory>
# then start to allow access where required
<Files index.php>
Allow from all
</Files>
<Directory "/var/www/">
Allow from all
Options FollowSymLinks
RewriteEngine On
RewriteBase /
# go directly to index.php if it is accessed
RewriteRule ^index\.php$ - [L]
# re-write URL for wp-admin access
RewriteRule ^([_0-9a-zA-Z-]+/)?wp-admin$ $1wp-admin/ [R=301,L]
# re-write wp-* access to route through wp/
RewriteRule ^([_0-9a-zA-Z-]+/)?(wp-(content|admin|includes).*) wp/$2 [L]
# re-write all .php files to route through wp/
RewriteRule ^([_0-9a-zA-Z-]+/)?(.*\.php)$ wp/$2 [L]
# go directly to real files and directories
RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^ - [L]
# respond to all other URLs by passing them through index.php
RewriteCond %{REQUEST_FILENAME} !-f [OR]
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . index.php [L]
# deny access if URL doesn't start with these
RewriteCond %{REQUEST_URI} !^/(index\.php)?$
RewriteCond %{REQUEST_URI} !^/wp-[^/]+/
RewriteCond %{REQUEST_URI} !^/templates/
RewriteRule ^ - [L,F]
</Directory>
</VirtualHost>
You could try adding:
RewriteCond %{REQUEST_URI} !^/(index\.php)?$
RewriteCond %{REQUEST_URI} !^/wp-[^/]+/
RewriteCond %{REQUEST_URI} !^/templates/
RewriteRule ^ - [L,F]
right before:
RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
The problem here though, is that permalinks will probably break, because a request like: /posts/post-title/ will not match an of the "allowed" URI's. If that's a problem, then move it to right before this line:
RewriteRule . index.php [L]