I want to block access to my .html files to those who do not come from a specific referrer. Referrer domain is not primary domain. (referrer domain looks like this: http://sub.domain.com/3452434512 where this part: "3452434512" is always different)
This is how my .htaccess file looks like (found example on apache.org):
RewriteEngine on
RewriteCond "%{HTTP_REFERER}" "!subdomain.example.com" [NC]
RewriteRule "\.html" "http://redirect.here.com" [R]
But it does not work, it redirects all traffic to redirect domain. Where is the mistake?
Found several older (from 2004 and 2009) examples that did not work either.
EDIT: Version of Apache is 2.2 so I tried this version:
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !subdomain.example.com [NC]
RewriteRule \.(html|jpg|png|php)$ http://redirect.here.com [R,NC]
But this didnt work too.
Related
I'm hosting different sites
http://example.nl/example.nl/_sites/byos/
http://example.nl/example.nl/_sites/eggbot/
http://example.nl/example.nl/_sites/hslab/
http://example.nl/example.nl/_sites/prolactin/
And yes there is a folder that has the same name as the domain, there is a reason for that.
And I want the links to become:
http://example.nl/byos/
http://example.nl/eggbot/
http://example.nl/hslab/
http://example.nl/prolactin/
This is one of the many attempts:
RewriteEngine On
Options +FollowSymlinks
RewriteCond %{REQUEST_URI} !(.*)example.nl/_sites
RewriteRule ^(.*)$ example.nl/_sites/$1 [L]
And this one:
Options +FollowSymLinks -MultiViews
# Turn mod_rewrite on
RewriteEngine On
RewriteBase /
RewriteRule ^example.nl/_sites/(.*)$ /$1 [L,NC,R]
The last one brings me close, it changes the address in what I want it to be, but it also results in a 404 now.
I also tried it with renaming the example.nl folder so it is not the same as the domain name but the problem seems to be the same.
In case it is important for later, I also have folders with files here:
http://example.nl/example.nl/_misc/
http://example.nl/example.nl/_plugins/
But I don't care if those get renamed, since they won't appear in the url bar, unless the user goes directly to one of those files, but I don't care about that.
So how can I omit the example.nl/_sites/ part and still have the website working?
I have seen the similar questions on SO, but for me it looks like Chinese in another dialect.
---- edit:
using the following of the answer from anubhava:
RewriteCond %{HTTP_HOST}::%{THE_REQUEST} ^(?:www\.)?([^:]+)::GET\s/+\1/_sites/(\S*)\s [NC]
RewriteRule ^ /%2 [R=301,NE,L]
RewriteCond %{HTTP_HOST} ^(?:www\.)?(.+)$ [NC]
RewriteRule ^[^/]+/?$ %1/_sites%{REQUEST_URI} [L]
I don't get a 404 anymore.
But this files for example:
http://hslab.nl/hslab.nl/_misc/bna.js
It tries to load it as:
http://hslab.nl/_misc/bna.js
Which fails. In the code it was targeted as:
src="../../_misc/bna.js"
In case it helps here is a screenshot of the folder hslab.nl:
Without hardcoding host name, you may try these rules in your site root .htaccess:
RewriteCond %{HTTP_HOST}::%{THE_REQUEST} ^(?:www\.)?([^:]+)::GET\s/+\1/_sites/(\S*)\s [NC]
RewriteRule ^ /%2 [R=301,NE,L]
RewriteCond %{HTTP_HOST} ^(?:www\.)?(.+)$ [NC]
RewriteRule ^[^/]+/?$ %1/_sites%{REQUEST_URI} [L]
With your shown samples, could you please try following. Fair warning I have written this in mobile so yet to test it should work IMHO will test it in sometime too. Also since you mentioned there could be multiple domains so I have specifically put a condition to check if it's example.nl here in case you want to rewrite request for any domain then we could omit that condition too.
RewriteEngine ON
RewriteCond %{HTTP_HOST} ^example\.nl$ [NC]
RewriteRule ^([a-zA-Z]+)/?$ %{HTTP_HOST}/_sites/$1 [L]
Note: in case you directories/folders are not necessarily starting with alphabets and could be anything then change regex in above from ^([a-zA-Z]+)/?$ TO ^([.*])/?$
I have 2 domains, the old domain is mjvandco.co.uk and he wants this redirecting to mjvlaw.co.uk. I have both pointing to the same webspace but when I test the URLs using https://httpstatus.io/ I get different results.
I have the following in my htaccess along with other stuff, but this is the redirect content:
RewriteEngine on
RewriteCond %{HTTP_HOST} !^www\.mjvlaw\.co\.uk
RewriteRule (.*) https://www.mjvlaw.co.uk/$1 [R=301,L]
# Remove .html (excluding blog)
RewriteCond %{REQUEST_URI} !^/blog(.*)$
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /.*\.html\ HTTP/
RewriteRule ^(.*)\.html$ /$1 [R=301,L]
The only URL that now is not right is this one: http://www.mjvlaw.co.uk/. I used this site
https://mjvlaw.co.uk - goes to https://www.mjvlaw.co.uk
http://mjvlaw.co.uk - goes to https://www.mjvlaw.co.uk
http://www.mjvlaw.co.uk - not work as does not go to https
https://www.mjvlaw.co.uk - fine
However, when I do the same for the old domain it all works as it should and every one below goes too https://www.mjvlaw.co.uk.
https://www.mjvandco.co.uk
https://mjvandco.co.uk
http://mjvandco.co.uk
http://www.mjvandco.co.uk
Am I doing something stupid here? Should I create another webspace and have one folder for the old domain and what for the current one and each having it's own htaccess file?
Thanks. I have done another ticket a month or so back but I am not sure how to change the questions, so I apologise for the similar ticket.
You rule only redirects non-www http URLs to SSL version of your site. To redirect both non-www and www http versions , replace your first rewrite block with the following
RewriteCond ℅{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} !^www\.mjvlaw\.co\.uk
RewriteRule (.*) https://www.mjvlaw.co.uk/$1 [R=301,L]
Make sure to clear your browser cache before you test this.
Recently I have encounter a strange issue , my website www.xyz.com is being pointed by some one on the web domain let suppose www.abc.com.
Though the whole website is on www.xyz.com but the other domain display every single content and directory path structure by their domain...e.g. the real path is www.xyz.com/somepage/id/etc can be work by www.abc.com/somepage/id/etc with same directory paths....
This other website is just redirecting everything to my website and I want to stop this domain to use my directory structure. This www.abc.com is also being crawled by Google crawler and added its link in Google search engine.
This is a very new issue to me I have one solution to restrict every single request and check if its from my own website or not.
Second solution is to restrict them through htaccess but I don't find perfect solution using htaccess.
I saw on the web it stop all the referrer, but doing that I am afraid if it will stop users coming from other website to my website ...I just need to restrict other domains to use my whole website as theirs using redirection...i have taken this issue on go daddy and they said they also don't know why the other website is pointing to my ip address ... so clueless I need expert advice to secure my website from future issues like this ...kindly advice...
My htaccess is
Options +FollowSymLinks
IndexIgnore */*
RewriteEngine on
# if a directory or a file exists, use it directly
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
# otherwise forward it to index.php
RewriteRule . index.php
and i am using YII...
You can place this rule just below RewriteEngine On line:
RewriteEngine On
RewriteCond %{REMOTE_HOST} abc\.com$ [NC,OR]
RewriteCond %{HTTP_REFERER} abc\.com$ [NC,OR]
RewriteCond %{HTTP_HOST} !xyz\.(com|net)$ [NC]
RewriteRule ^ - [F]
In your .htaccess file:
RewriteEngine On
RewriteCond %{HTTP_HOST} !^www\.xyz\.com$
RewriteCond %{HTTP_HOST} !^subdomain\.xyz\.com$
RewriteRule .* - [F]
I've searched for solutions and not finding a clear answer - It's a little out of my field but I need to find an answer in a pinch.
I use an .htaccess to verify and allow access to certain webpages from outside links.
here's a sample of what I use:
AuthUserFile /dev/null
AuthGroupFile /dev/null
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://www.website_abc.com/
RewriteCond %{HTTP_REFERER} !^http://www.website_xyz.com/
RewriteRule /* http://www.mysite.com/denied_message.php [R,L]
this works as I want it to - I list the sites that I want to access and park .htaccess in a root directory.
My problem is when someone is linking from HTTPS it block's them even if they are in the list (and I tried putting https in the list as well).
I found various answers but none that I fully understood or that did the trick.
one was using :
RewriteCond %{HTTPS} on
but that allowed anyone in from any location.
Can someone spell this out for me?
apache / LAMP
Thanks!
RewriteCond %{HTTPS} on
This adds a condition that the actual request for your site is through HTTPS. You only want to match the referer. I'm not sure what you've tried as far as adding https:// versions of what you have in your referer checks, but this works when I put them in a blank htaccess file:
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://www.website_abc.com/
RewriteCond %{HTTP_REFERER} !^http://www.website_xyz.com/
RewriteCond %{HTTP_REFERER} !^https://www.website_abc.com/
RewriteCond %{HTTP_REFERER} !^https://www.website_xyz.com/
RewriteRule /* http://www.mysite.com/denied_message.php [R,L]
I want to know how to prevent hotlinking to resources on my site without hard coding the domain name.
I need this since the software will be used for multiple domains, and may be used as an installation. It would not be feasible to instruct every user to make changes in the htaccess file to enter their current domain.
I have come across a lot of code similar to this. but here as you can see you have to enter the domain name.
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !www.example.com [NC]
RewriteRule \.(gif|jpg|png)$ - [F,NC]
I have also come across the below snippet from this apache page, which seems to solve the problem. But for some reason cant get it to work.
RewriteCond expr "! %{HTTP_REFERER} -strmatch '*://%{HTTP_HOST}/*'"
RewriteRule ^/images - [F]
Note: i have set up a local domain name to perform the tests. so i access my site as mysite.local instead of localhost/mysite
Is there a way i can prevent hotlinking without hard-coding the domain name in the htaccess ?
Looking at the 2.2 documentation, I think it's actually a lot more simple back then than in 2.4. But test to be sure:
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !%{HTTP_HOST} [NC]
RewriteRule ^/images - [F]