Apacher mod_rewrite - how to have clean URLs with .html? - apache

I have set in my Apache config to allow mod_rewrite:
<Directory /var/www/>
Options Indexes FollowSymLinks
AllowOverride None
AllowOverride All
</Directory>
$ sudo a2enmod rewrite
$ service apache2 restart
But why my URLs with .html won't work? eg:
mysite.com/about.html
mysite.com/contact.html
but it works with:
mysite.com/about
mysite.com/contact
How can I have URLs with .html working as well?
EDIT:
This is the .htaccess (modx):
# For full documentation and other suggested options, please see
# http://rtfm.modx.com/evolution/1.0/administration/friendly-url-solutions
# including for unexpected logouts in multi-server/cloud environments
# and especially for the first three commented out rules
#php_flag register_globals Off
AddDefaultCharset utf-8
#php_value date.timezone Europe/Moscow
#Options +FollowSymlinks
RewriteEngine On
RewriteBase /
# Fix Apache internal dummy connections from breaking [(site_url)] cache
RewriteCond %{HTTP_USER_AGENT} ^.*internal\ dummy\ connection.*$ [NC]
RewriteRule .* - [F,L]
# Rewrite domain.com -> www.domain.com -- used with SEO Strict URLs plugin
#RewriteCond %{HTTP_HOST} !^$
#RewriteCond %{HTTP_HOST} !^www\. [NC]
#RewriteCond %{HTTP_HOST} (.+)$
#RewriteRule ^(.*)$ http://www.%1/$1 [R=permanent,L] .
# without www
#RewriteCond %{HTTP_HOST} .
#RewriteCond %{HTTP_HOST} !^example\.com [NC]
#RewriteRule (.*) http://example.com/$1 [R=301,L]
# without www all domains
#RewriteCond %{HTTP_HOST} .
#RewriteCond %{HTTP_HOST} ^www.(.*)$ [NC]
#RewriteRule ^(.*)$ http://%1/$1 [R=301,L]
# Exclude /assets and /manager directories and images from rewrite rules
RewriteRule ^(manager|assets)/.*$ - [L]
RewriteRule \.(jpg|jpeg|png|gif|ico)$ - [L]
# For Friendly URLs
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php?q=$1 [L,QSA]
# Reduce server overhead by enabling output compression if supported.
#php_flag zlib.output_compression On
#php_value zlib.output_compression_level 5
I don't see any rule there saying about having .html...

First thing it doesn't make any sense to have these two opposite meaning directives one after another:
AllowOverride None
AllowOverride All
You just need later part that is:
AllowOverride All
Secondly to support extension-less URLs you just need to enable MultiViews option as:
Options Indexes FollowSymLinks MultiViews

Related

Apache 2 not rewrite https traffic

Apache 2.3 don't rewrite the https traffic,
this is my htaccess
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^example.it$ [OR]
RewriteCond %{HTTP_HOST} ^www.example.it$ [OR]
RewriteCond %{HTTP_HOST} ^www.example.com$ [OR]
RewriteCond %{HTTP_HOST} ^example.org$
RewriteRule ^(.*)$ https://www.example.org%{REQUEST_URI} [R=301,L]
and this is mi example.conf in site-aviable
AccessFileName .htaccess
<Directory /www/example.org/>
Options FollowSymLinks MultiViews
AllowOverride All
Require all granted
</Directory>
But not work for httpS!!
Only http traffic is rewrite
I want if you write https:// or http:// or without http(s) everything is redirected on https://www.example.org
How to do?
Best regards

php access to page forbidden

hi am getting strange forbidden access message , anybody have any idea , its malware work or htaccess problem .
when i visit http://e-innovate.co.uk it give me angry response :)
Access to this page is forbidden. Sorry.
Sorry, but access to this page is forbidden. Even if you have authentication, you are still not allowed to access this page. It's not meant for your eyes - ever!
Check the URL you entered for any mistakes and try again. Alternatively, search for whatever is missing or take a look around the rest of our site.
here is my htaccess file
AddDefaultCharset UTF-8
<IfModule mod_rewrite.c>
<IfModule mod_negotiation.c>
Options +MultiViews
</IfModule>
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME}\.php -f
RewriteRule ^(.*)$ $1.php
</IfModule>
ErrorDocument 401 /Error-401
ErrorDocument 403 /Error-403
ErrorDocument 404 /Error-404
ErrorDocument 500 /Error-500
ErrorDocument 503 /Error-503
# Disable directory browsing
Options All +Indexes
# Remove Trailing slash on url - START
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} ^(.+)/$
RewriteRule ^(.+)/$ /$1 [R=301,L]
# Remove Trailing slash on url -END
RewriteCond %{HTTP_HOST} ^dksbsolutions\.co\.uk$ [OR]
RewriteCond %{HTTP_HOST} ^www\.dksbsolutions\.co\.uk$
#RewriteRule ^/?$ "http\:\/\/www\.e\-innovate\.co\.uk" [R=301,L]
RewriteCond %{HTTP_HOST} ^dksbsolutions\.com$ [OR]
RewriteCond %{HTTP_HOST} ^www\.dksbsolutions\.com$
#RewriteRule ^/?$ "http\:\/\/www\.e\-innovate\.co\.uk" [R=301,L]
RewriteCond %{HTTP_HOST} ^dksbsolutions\.uk$ [OR]
RewriteCond %{HTTP_HOST} ^www\.dksbsolutions\.uk$
#RewriteRule ^/?$ "http\:\/\/www\.e\-innovate\.co\.uk" [R=301,L]
# Redirect www. to non www. - START
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
# RewriteRule ^(.*)$ http://%1/$1 [R=301,L]
RewriteCond %{HTTPS} on
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
# RewriteRule ^(.*)$ https://%1/$1 [R=301,L]
# Redirect www. to non www. - END
# HTTP Keep Alive - Start
<ifModule mod_headers.c>
Header set Connection keep-alive
Header set Vary "Accept-Encoding"
</ifModule>
# HTTP Keep Alive - End
ExpiresActive On
# Set a max-age of one day for caches
<IfModule mod_headers.c>
Header set Cache-Control "max-age=86400"
</IfModule>
# cache images and flash content for one month
<FilesMatch ".(js|css|flv|gif|jpg|jpeg|png|ico|swf|woff)$">
Header set Cache-Control "max-age=2592000"
</FilesMatch>
# cache text, css, and javascript files for one week
<FilesMatch ".(pdf|txt)$">
Header set Cache-Control "max-age=604800"
</FilesMatch>
# cache html and htm files for one day
<FilesMatch ".(html|htm)$">
Header set Cache-Control "max-age=43200"
</FilesMatch>
# CACHE - END
#GZIP BEGIN - COMPRESS - .CSS .JS .HTML .XHTML .PHP .TXT
<ifModule mod_deflate.c>
<filesMatch "\.(css|js|x?html?|php|txt|eot|svg|woff)$">
SetOutputFilter DEFLATE
</filesMatch>
</ifModule>
# GZIP END
# DISABLE IMAGE HOT LINKING - START
# RewriteCond %{HTTP_REFERER} !^$
# RewriteCond %{SERVER_NAME}%{HTTP_REFERER} !^(.*)https?://\1/
# RewriteRule \.(js|css|png|jpg|jpeg) - [R=404,L]
# DISABLE IMAGE HOT LINKING - END
#DENY ACCESS - START
<FilesMatch "db.php|php_error.php|error_log|\.tpl$">
Order allow,deny
Deny from all
</FilesMatch>
#DENY ACCESS - END
# STRONG HTACCESS PROTECTION
<Files ~ "^.*\.([Hh][Tt][Aa])">
order allow,deny
deny from all
satisfy all
</Files>
### Security - Disable HTTP Track and Trace
RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]
# 5G BLACKLIST/FIREWALL (2013)
# # http://perishablepress.com/5g-blacklist-2013/
# 5G:[QUERY STRINGS]
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{QUERY_STRING} (\"|%22).*(<|>|%3) [NC,OR]
RewriteCond %{QUERY_STRING} (javascript:).*(\;) [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3) [NC,OR]
RewriteCond %{QUERY_STRING} (\\|\.\./|`|=\'$|=%27$) [NC,OR]
RewriteCond %{QUERY_STRING} (\;|\'|\"|%22).*(union|select|insert|drop|update|md5|benchmark|or|and|if) [NC,OR]
RewriteCond %{QUERY_STRING} (base64_encode|localhost|mosconfig) [NC,OR]
RewriteCond %{QUERY_STRING} (boot\.ini|echo.*kae|etc/passwd) [NC,OR]
RewriteCond %{QUERY_STRING} (GLOBALS|REQUEST)(=|\[|%) [NC]
RewriteRule .* - [F]
</IfModule>
# 5G:[REQUEST METHOD]
<ifModule mod_rewrite.c>
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]
</IfModule>
# 5G:[BAD IPS]
<limit GET POST PUT>
Order Allow,Deny
Allow from all
# uncomment/edit/repeat next line to block IPs
# Deny from 123.456.789
</limit>
It seems that there is a permission/ownership issue for your files/folders. You cannot check Apache error log without root access. You should contact your host to investigate the root cause of this issue by checking Apache error log.
It is also possible that your host has changed server PHP/apache configurations which has caused this issue.

https with url rewriting

When I enable https on my website, the url rewriting doesn't work ( not found ... )
My htaccess:
# URL Rewrite
<IfModule mod_rewrite.c>
RewriteEngine On
# Full path to your site
#
RewriteBase /
# 301 redirect if missing www.
#RewriteCond %{HTTP_HOST} !^www\.
#RewriteRule ^(.*)$ https://www.% {HTTP_HOST}/$1 [R=301,L]
#RewriteRule ^(static/|ajax\.php) - [F,L,NC]
# 301 redirect if missing trailing slash
#RewriteCond %{REQUEST_FILENAME} !-f
#RewriteCond %{REQUEST_FILENAME} !-d
#RewriteRule [^/]$ %{REQUEST_URI}/ [R=301,L]
# Rules
#
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*) index.php?do=/$1
</IfModule>
How can I enable https with url rewriting ?
You have AllowOverride None in <Directory /var/www/> entry which means .htaccess isn't enabled.
To enable .htaccess change that to:
AllowOverride All
And restart Apache server.
You need to uncomment the lines first I think.

Deny from all folders except /index.php and two folders

This is an odd configuration, I'll give you that, but I'm looking to deny access to all folders in our system but it must be able to access,
/index.php (Wordpress bootloader)
/wp-*/* (e.g. wp-content, wp-admin, etc.)
/templates/* (some of our templates and custom content)
Everything else is denied (and there are hundreds of folders).
The problem I have is allowing index.php and 2 folders and then denying everything else inside /.
I should be able to accept,
http://example.com/
http://example.com/index.php
http://example.com/wp-content/...
http://example.com/wp-admin/...
http://example.com/wp-includes/...
http://example.com/templates/template.css
http://example.com/templates/subfolder/js/file.js
and reject,
http://example.com/thisIsAFolder
http://example.com/thisIsAnotherFolder
This is what I have,
<VirtualHost *:80>
ServerName example.com
DirectoryIndex index.php
DocumentRoot /var/www/
<Directory />
Order deny,allow
Deny from all
</Directory>
<Files index.php>
Allow from all
</Files>
<Directory "/var/www(/|/wp*/|/templates/)">
Allow from all
Options FollowSymLinks
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteRule ^([_0-9a-zA-Z-]+/)?wp-admin$ $1wp-admin/ [R=301,L]
RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^ - [L]
RewriteRule ^([_0-9a-zA-Z-]+/)?(wp-(content|admin|includes).*) wp/$2 [L]
RewriteRule ^([_0-9a-zA-Z-]+/)?(.*\.php)$ wp/$2 [L]
RewriteRule . index.php [L]
</Directory>
</VirtualHost>
But I continually receive Red Hat Enterprise Linux Test Page (using CentOS) and it allows for sub-directories because I allow /.
EDIT
This is the Apache config that ended up working for me. Big thanks to Jon Lin for the help.
<VirtualHost *:80>
ServerName example.com
DirectoryIndex index.php
DocumentRoot /var/www/
# first, deny all access
<Directory />
Order deny,allow
Deny from all
</Directory>
# then start to allow access where required
<Files index.php>
Allow from all
</Files>
<Directory "/var/www/">
Allow from all
Options FollowSymLinks
RewriteEngine On
RewriteBase /
# go directly to index.php if it is accessed
RewriteRule ^index\.php$ - [L]
# re-write URL for wp-admin access
RewriteRule ^([_0-9a-zA-Z-]+/)?wp-admin$ $1wp-admin/ [R=301,L]
# re-write wp-* access to route through wp/
RewriteRule ^([_0-9a-zA-Z-]+/)?(wp-(content|admin|includes).*) wp/$2 [L]
# re-write all .php files to route through wp/
RewriteRule ^([_0-9a-zA-Z-]+/)?(.*\.php)$ wp/$2 [L]
# go directly to real files and directories
RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^ - [L]
# respond to all other URLs by passing them through index.php
RewriteCond %{REQUEST_FILENAME} !-f [OR]
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . index.php [L]
# deny access if URL doesn't start with these
RewriteCond %{REQUEST_URI} !^/(index\.php)?$
RewriteCond %{REQUEST_URI} !^/wp-[^/]+/
RewriteCond %{REQUEST_URI} !^/templates/
RewriteRule ^ - [L,F]
</Directory>
</VirtualHost>
You could try adding:
RewriteCond %{REQUEST_URI} !^/(index\.php)?$
RewriteCond %{REQUEST_URI} !^/wp-[^/]+/
RewriteCond %{REQUEST_URI} !^/templates/
RewriteRule ^ - [L,F]
right before:
RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
The problem here though, is that permalinks will probably break, because a request like: /posts/post-title/ will not match an of the "allowed" URI's. If that's a problem, then move it to right before this line:
RewriteRule . index.php [L]

How to hide php extension in url?

I am trying to remove php extension from url, But its not working for me. I am using Windows 7, with apache2.2.17 and php5.3. Now I have configured it as
in .htaccess file
OPTIONS -Indexes
IndexIgnore *
Options +FollowSymLinks
RewriteEngine On
RewriteCond %{REQUEST_FILENAME}.php -f
RewriteCond %{REQUEST_URI} !/$
RewriteRule (.*) $1\.php [L]
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.+)/$ /$1 [R=301,L]
in httpd.conf enabled mod_rewrite as
LoadModule rewrite_module modules/mod_rewrite.so
and
<Directory "D:/Apache/htdocs">
Options Indexes FollowSymLinks ExecCGI MultiViews
AllowOverride all
Order allow,deny
Allow from all
</Directory>
in php.ini
expose_php = On
After making these configuration still i am not able to remove php extension from url in my windows machine but same thing is working in ubuntu server.
Is there anything I am missing here?
This might answer your question:
RewriteRule ^/([^-]*)$ /$1.php
It works for root catalog.
RewriteRule ^catalog/([^-]*)$ catalog/$1.php
Or you can write automatic script:
RewriteRule ^/([^-])/([^-])$ /$1/$2.php
But this is for "httpd.conf" file.
Where: ([^-]*) means variable; $1, $2 means converted to variable i.e.
www.verity.com/foo/bar => verity.com/foo/bar.php
Use this instead:
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(([A-Za-z0-9\-]+/)*[A-Za-z0-9\-]+)?$ $1.php
By doing this, you will be able to call example.com/abc.php as example.com/abc