Directory viewing would render 403 upon wrong ip:
order deny,allow
deny from all
allow from 111.222.333.444
Simple and clear, so lets move on...
then tried to gobble up some code to render 404 instead of 403:
order deny,allow
deny from all
allow from 111.222.333.444
RedirectMatch 404 ".*\/\..*"
And the above does not work, what have I missed?
SPECS
1. .htaccess is inside a subdir
2. file is executed by virtualhost
NB
And by rendering, I mean recieving headers vs visual trickery.
Mod_rewrite can solve your problem.
Add the following to your htaccess.
RewriteEngine on
RewriteCond %{REMOTE_ADDR} !^1.2.3.5$
RewriteRule ^ - [R=404,L]
Replace 1.2.3.5 with your ip address.
Related
I am using htaccess config for allow only my IP:
order deny,allow
deny from all
allow from MY.IP
How can I redirect on 403 to another domain, for example when 403 -> go to www.google.com.
You can't send a 403 and redirect (3xx) in the same request. You do one or the other.
To redirect when the requesting IP is not your own then you would need to use mod_rewrite instead of mod_authz... as you are doing. For example, at the top of your .htaccess file:
RewriteEngine On
RewriteCond %{REMOTE_ADDR} !=203.0.113.111
RewriteRule ^ https://example.com/ [R,L]
Where 203.0.113.111 is your IP address and the https://example.com/ is the URL you want to send all other users to.
However, sending a 403 Forbidden is probably the better response.
I am looking to deny access to my /wp-admin/ folder to everyone but specific IP addresses. For everyone else, the page should serve a 404 error. Here's what I'm working with thus far:
# ALLOW USER BY IP
<Limit GET POST>
order deny,allow
deny from all
allow from 168.162.1.3
RedirectMatch 404 ".*"
</Limit>
I believe I'm close, but the problem is that a 404 error is not served, instead it creates a redirect loop. This would obviously be taxing on my server for no reason. So how then, can a simply serve a 404 error to everyone but these specific IP addresses and also deny them access to the repository?
Interesting idea. I'm curious as to why you're so keen on a 404 error as opposed to a 403! I guess you could be trying to mask WordPress but then you'll have to mask all the references to wp-content on the frontend too.
Anyway, let's get on with this. In order to do this, do this:
RewriteEngine on
RewriteCond %{REMOTE_ADDR} !=8.8.8.8 [OR]
RewriteCond %{REMOTE_ADDR} !=127.0.0.1
RewriteRule ^wp-admin($|/) - [L,R=404]
Set 8.8.8.8 to your real IP Address. You can add additional OR conditions to whitelist other IPs the same way I did with localhost (127.0.0.1).
You will need to be using Apache 2.1.1 or above because we are using the R=404 flag.
It's still showing venue link and it doesn't redirect to directory-testing. is there any right way to redirecting in apache, on ubuntu.
RewriteRule ^(.*)/venue $1/directory-testing [R=301,L]
Have you actually enabled rewriting with:
RewriteEngine on
You can also check that your .htaccess file is actually being parsed. You can just put a syntax error in it and see if it returns error 500. If it doesn't, then you need to enable it in the <directory> section of your httpd.conf with:
AllowOverride All
What I want:
Protecting all files/folders but the index.php.
Apache:
Apache/2.4.2 (Win32) OpenSSL/1.0.1c PHP/5.4.4
Running as Service (xampp 1.8)
Not modified
My project structure
URL: "http://localhost/MyProject/"
PROJECT_DIRECTORY C:/xampp/htdocs/MyProject/
The project directory looks like:
config (folder)
ressources (folder)
sources (folder)
index.php
Problem:
I am having troubles with my .htaccess file as I do always receive a 403 or even a 500 Error.
I tried different settings to achieve the goal but none of these worked. I tried Directory, DirectoryMatch, Files, FilesMatch etc.
But I think it should be as easy as:
# Activate rewrite engine
RewriteEngine on
RewriteBase /
# Redirect all requests to index.php
RewriteRule ^(.*)$ index\.php?/$1 [QSA]
# Deny from all
Order deny,allow
Deny from all
# Allow only index.php
<Files "index.php">
Allow from all
</Files>
Or something like this:
...
# Deny from all
<Directory />
Order deny,allow
Deny from all
</Directory>
# Allow only root dir
<Directory "/MyProject" />
Allow from all
</Directory>
May someone can help me with this?
EDIT: I recently found out, that I cannot use the tag as the .htaccess is valid for the directory I put it in, so there is no need to define that directory inside .htaccess. This did not solve my problem but I know that the second example is wrong.
You can try this:
RewriteEngine On
RewriteCond %{REQUEST_URI} !^/(index\.php)$
RewriteRule ^ - [L,F]
This will let requests for / and /index.php pass through while responding with a 403 Forbidden for anything else.
However, you've got this rule already:
# Redirect all requests to index.php
RewriteRule ^(.*)$ index\.php?/$1 [QSA]
So you don't really need to deny anything if everything is already being routed through index.php
How can I deny access to a directory in .htaccess?
I don't mean directory listing, I mean everything that is inside the directory along with the directory itself? It should give a 503 or 404 error.
I am talking about /img-sys and /java-sys which apparently do not exist (I did not create them), but still give a white screen when accessed rather than a 404 error.
Put this at the top of your .htaccess file:
RewriteRule ^(img-sys|java-sys) - [R=404]
This will do it. It'll just fail with a 403 Forbidden HTTP response code. Stick that in your VirtualHost block:
<LocationMatch "/(img|java)-sys">
Order allow,deny
Deny from all
</LocationMatch>