I have 2 projects, one is a PHP web API with the following .htaccess:
Header add Access-Control-Allow-Origin "http://app.domain.com"
Header add Access-Control-Allow-Headers "origin, x-requested-with, content-type"
Header add Access-Control-Allow-Methods "PUT, GET, POST, DELETE, OPTIONS"
Header always set Access-Control-Allow-Credentials true
RewriteEngine on
RewriteCond %{SCRIPT_FILENAME} !-f
RewriteCond %{SCRIPT_FILENAME} !-d
RewriteCond %{SCRIPT_FILENAME} !-l
RewriteRule ^(.*)$ index.php/$1
Note the Access-Control-Allow-Origin header which contains the base URL of the second project (an angularjs application).
This does work, however I'd like to change the origin to * if both projects are being run on localhost, so that every developer within this project can simply test changes without deploying first.
How can I achieve this?
We do not want to use a separate .htaccess for local tests. We prefer to use a single one.
Are you searching for this ?
replace "Error Document" with "Acces control"
https://www.html-seminar.de/forum/thread/4027-if-abfrage-in-htaccess-unterscheiden-zwischen-localhost-xampp-und-webserver/
# Localhost / XAMPP
<IfModule mod_win32.c>
ErrorDocument 403 http://localhost/phip/www/404.html
ErrorDocument 404 http://localhost/phip/www/404.html
</IfModule>
# Webserver
<IfModule !mod_win32.c>
ErrorDocument 403 http://***/404.html
ErrorDocument 404 http://***/404.html
</IfModule>
Related
My sample PDF URL is:
https://askanydifference.com/wp-content/uploads/2022/09/Difference-Between-Import-and-Export.pdf
I am trying to noindex all my PDF files in my wordpress website. While doing research, I learnt that they can only be marked noindex using .htaccess and not any other means as pdf files don't have any html code for meta tag.
So by following the solution given below, I added the X-Robots-Tag is my .htaccess file as:
https://webmasters.stackexchange.com/questions/14520/how-to-prevent-a-pdf-file-from-being-indexed-by-search-engines
<Files "\.pdf$">
Header set X-Robots-Tag "noindex, nofollow"
</Files>
# BEGIN WordPress
# The directives (lines) between "BEGIN WordPress" and "END WordPress" are
# dynamically generated, and should only be modified via WordPress filters.
# Any changes to the directives between these markers will be overwritten.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
<IfModule mod_headers.c>
Header set Content-Security-Policy "block-all-mixed-content"
</IfModule>
I have placed the .htaccess file in public_html folder.
But when I inspect the file in Firefox under Network tab, the X-Robots-Tag is not present.
All my caching is disabled
Any help on where I am going wrong
<Files "\.pdf$">
Header set X-Robots-Tag "noindex, nofollow"
</Files>
You have copied the linked solution incorrectly. To match a regex with the Files directive you need the additional ~ argument. ie. <Files ~ "\.pdf$">. (Although the FilesMatch directive is arguably preferable when using a regex.)
However, you do not need a regex here. Just use the standard Files directive with a wildcard (not regex) pattern. For example:
<Files "*.pdf">
:
Reference:
https://httpd.apache.org/docs/current/mod/core.html#files
https://httpd.apache.org/docs/current/mod/core.html#filesmatch
After series of search on stackoverflow, i got these two working htaccess codes, however, i'm confused which one is better.
Actually both works fine but is there any difference in performance or speed?
<FilesMatch "\.(jpg|jpeg|png|gif)$">
ErrorDocument 404 "/no_profile_picture.png"
</FilesMatch>
and
RewriteEngine On
RewriteCond %{REQUEST_URI} \.(jpg|jpeg|gif|png|ico)$ [NC]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule .* /no_profile_picture.png [L]
Both directives will serve the core purpose of showing /no_profile_picture.png when an image with jpg|jpeg|gif|png|ico extensions is not found inside your site root. However there is a subtle difference.
<FilesMatch "\.(jpg|jpeg|png|gif)$">
ErrorDocument 404 "/no_profile_picture.png"
</FilesMatch>
This directive will also return 404 (Http NotFound) status to browser/client but the other block will still return 200 (Http OK) status back to clients. So I suggest going with FilesMatch block for correctly showing desired non-found image and returning 404 to clients.
I am using https://hstspreload.org to test the status of HTTP to HTTPS redirect and HSTS. I receive the following error message:
HTTP redirects to a page without HSTS
http://example.com redirects to https://example.com/, which does not serve a HSTS header that satisfies preload conditions.
Here are the contents of my .htaccess file:
###
# force HTTPS
###
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} !=on [NC]
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</IfModule>
###
# HSTS
###
<IfModule mod_headers.c>
Header set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" env=HTTPS
Header always set Cache-Control "no-store, no-cache, must-revalidate"
</IfModule>
From this blog post I read that:
... that redirect must have the HSTS header, not the page it redirects to.
I am not sure what rules should I add or modify in order to fulfill this condition. If someone knows, based on the information I have provided, what ruling should I add or modify in my .htaccess file to have HSTS header in the redirect as well?
My shared host offers shared SSl certificate like the following:
https://host###.HostMonster.com/~username
Where host### is the hosting server for my account there.
I use CakePHP app on the root of public_html where I have public_html/webroot path and I use the following .htaccess settings on public_html:
# Turn off the ETags
Header unset ETag
FileETag None
# Turn off the Last Modified header except for html docs
<FilesMatch "\.(ico|pdf|flv|jpg|jpeg|png|gif|js|css|mp3)$">
Header unset Last-Modified
</FilesMatch>
<FilesMatch "\.(ico|pdf|flv|jpg|jpeg|png|gif|js|css|swf|mp3)$">
Header set Expires "Thu, 15 Jan 2015 20:00:00 GMT"
</FilesMatch>
<FilesMatch "\.(ico|pdf|flv|jpg|jpeg|png|gif|js|css|swf|mp3)$">
Header set Cache-Control "max-age=31449600"
</FilesMatch>
# Use PHP5.3 as default
AddHandler application/x-httpd-php54 .php
Redirect /Hosting/Q/ http://sub.mydomain.net/
<IfModule mod_rewrite.c>
RewriteEngine on
#RewriteCond %{HTTPS} =on
#RewriteBase /~twoindex/
RewriteRule ^$ webroot/ [L]
RewriteRule (.*) webroot/$1 [L]
</IfModule>
AddType audio/mpeg mp3
AddType text/xml xml
When I try to access https://host15.HostMonster.com/~myuser where host15 is my host server, I got 404 error.
I tried the following:
Creating a simple html file and placing it on public_html and then accessing it using https://host15.HostMonster.com/~myuser/simple.html. It also returns 404 error.
I tried to comment out the two lines after RewriteEngine on but no success too.
Removing the contents of the .htaccess file i.e making it empty, allowed me to access simple.html via https successfully.
The last try, is not a real option for me because it will destroy my CakePHP application. However, it approved that it is a problem related with rewriting rules in the .htaccess. So, I need to know how to modify the .htaccess to allow accessing my CakePHP application while allowing accessing the simple.html or better a sub directory on public_html
Update
I tried the following rule, but it ended with the error This webpage has a redirect loop when I try to access https://host15.HostMonster.com/~myuser/folder and it keeps everything fine for the CakePHP application.:
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_HOST} ^host15\.HostMonster\.com [NC]
RewriteRule ^(.*)$ /~myuser/$1 [R,L]
RewriteRule ^$ webroot/ [L]
RewriteRule (.*) webroot/$1 [L]
</IfModule>
I'm redoing an entire website and the browser is using the cached index.html of pages that are at the same URL.
This is the entire content of the .htaccess file in one of the problem directories:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /products/
# Remove 'index.html' from the URL for old links that include it.
RewriteCond %{THE_REQUEST} ^.*\index\.html?\ HTTP/
RewriteRule ^(.*)index\.html?$ "/products/$1" [R=301,L]
# Use index.php for all requests.
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^ /products/index.php [L]
</IfModule>
# An atempt to tell the browser not to use a cached .html file.
ExpiresActive on
ExpiresByType text/html "access plus 0 seconds"
<FilesMatch "\.(html)$">
Header set Cache-Control "private, must-revalidate"
</FilesMatch>
I've tried multiple things here, but nothing is working. This is all I see in the headers:
Request URL:http://www.example.com/products/
Request Method:GET
Status Code:200 OK (from cache)
There are no Request Headers or Response Headers.
I'm thinking I can maybe try a RewriteRule to add something like ?28032012 to the end of something, but I don't know how to even attempt that.
I've read that appending ?version=<%=version%> to problematic file names is a good method of cache busting. You may also try as an easier solution the http header "cache-control: max-age = 600" so that anything on the page that is 10 minutes or older is pulled from the server.
You can just append /? to the end of your URL.
Example:
www.google.com/?
The solution I ended up using for this was to redirect all www requests to non www requests. So basically, this approach prevented any browsers from using any cached resources because the www version of the site no longer exists.
This is worked for me.
<IfModule mod_headers.c>
Header set Cache-Control "no-cache, no-store, must-revalidate"
Header set Pragma "no-cache"
Header set Expires 0
</IfModule>
Reference: https://wp-mix.com/disable-caching-htaccess/