I was playing around with .htaccess files and I was wondering, completely out of curiosity, is it possible to redirect access to the .htaccess file itself to another file?
Example:
User goes to http://www.example.com/.htaccess
I want the user to be redirected to index.php?foo=bar
I've tried the following:
Redirect 301 /.htaccess /index.php?foo=bar
And
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule ^((?s).*)$ index.php?foo=bar [QSA,L]
</IfModule>
These methods work on any other file, but the .htaccess file itself always results in a 403 Forbidden page showing up.
Is this possible? If not, then why?
If you look in your webservers configuration file you will find some directive that prevents users from accessing .htaccess or .htpasswd file from the browser. For instance if I open up my apache configuration, located at /etc/apache2/apache.conf I can spot the following lines:
#
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
#
<FilesMatch "^\.ht">
Require all denied
</FilesMatch>
So you should be able to change the above to:
Order allow,deny
Allow from all
you also need to make sure that you have the correct file permission on the .htaccess file and finally restart your server using:
sudo service apache2 restart
Of course doing the above would not be very secure.
Related
I want to restrict access to a directory and all of its' sub-dirs and file using the following:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^(.*)ht-test(.*)$ - [NC,R=401,L]
</IfModule>
It works fine on index.html but not test.php. I have not clue what's going on. Shouldn't ^(.*)ht-test(.*)$ match anything containing it in the URL? Tested it with this site and it seems to be mathing both php and html.
I also tried using <Directory "./ht-test"> Deny from All </Directory> but that gives me Internal Server Error no matter what I put in.
Here're my tests:
http://deepcorelabs.com/ht-test/index.html
http://deepcorelabs.com/ht-test/test.php
Finally, figured it out. There's a settings in Plesk for how PHP is served (under Hosting Settings for the domain)
I was using FPM application served by nginx which igonores .htaccess directives for PHP files.
Apparently, for performance reasons
After changing it to 'served by Apache' it worked as expected.
For some reason I thought disabling nginx proxy mode will disable it completely as service.
In my apache configuration I have a virtual host configured like this:
Alias /mediamanager /storage/files/mediamanager
<Directory /storage/files/mediamanager>
DirectoryIndex /mediaManagerIndex.php
DAV On
# ... And some authentication directives ... #
</Directory>
The idea is that someone can access the files both by a WebDAV-Client and also a simple web browser in which case some pretty directory view is generated by a PHP script.
That worked great in Apache 2.2, but recently I upgraded to Apache 2.4 and now it is broken. I highly suspect I I suffer from this bug which is already 2 years old and no fix in sight. The proposed workaround to add:
<Limit PROPFIND>
DirectoryIndex never-encounterable-file-name.html
</Limit>
Does not work for me. Probably because I still want to have a directory index. If I remove my DirectoryIndex altogether WebDAV works again (no index.html or similar files exists in this directory) but of course I loose the ability to use my PHP file as directory index. I tried to specify my DirectoryIndex in a <Limit GET> but this had no effect.
Is there any way to get both DAV and DirectoryIndex to work simultaneously in Apache 2.4 on Debian (if anyhow possible without changing the source code and recompiling)?
In order to fix this, disable directory indexing for the WebDAV site.
In your sites-available/site.conf file add DirectoryIndex disabled to the <Directory> declaration, like so:
<Directory /path/to/my/webdav/dir>
Options Indexes FollowSymLinks MultiViews
AllowOverride all
Require all granted
DirectoryIndex disabled
</Directory>
Then just reload Apache and you will no longer have that issue:
sudo service apache2 reload
For me, the following configuration solved both problems:
WebDAV works again
directory indexing, if the user uses a web browser to access the repository
It works by manually implementing the directory-indexing feature with simple rewrite rules, which are applied only for the GET request method.
The following code has to be placed inside the server config or virtual host context in the apache configuration file.
# Turn off (automatic) Directory-Indexing
DirectoryIndex disabled
RewriteEngine On
# Rewrite rules for the root directory
RewriteCond "%{REQUEST_METHOD}" "(GET)"
RewriteRule "^/$" "/index.php" [L]
# Rewrite rules for other sub-directories
RewriteCond "%{REQUEST_METHOD}" "(GET)"
# The following line checks, if the index.php file exists
RewriteCond "%{DOCUMENT_ROOT}/$1/index.php" "-f"
RewriteRule "^/(.*)/$" "/$1/index.php" [L]
Don't forget to reload Apache!
This is the solution I am currently using, located in a .htaccess file at the root of the directory tree used by the WebDav service. In this case I do not use PHP, only html files, but it can be easily adapted:
# Turn off automatic directory indexing
Options -Indexes
DirectoryIndex disabled
# Redirect directory requests to index.html, only for GET requests
RewriteEngine On
RewriteCond %{REQUEST_METHOD} "GET"
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^(.*)$ $1index.html [L]
In order to launch always the requested PHP file, just replace "index.html" on the last line by the PHP file name:
RewriteRule ^(.*)$ $1mediaManagerIndex.php [L]
I am writing scripts for Apache URL redirects.
I have researched the rewrite rules to be written.
Now I would like to know the procedure for implementing this.
Enabling mod_rewrites in http.conf
LoadModule rewrite_module modules/mod_rewrite.so
AddModule mod_rewrite.c
I have created .htaccess
Now I am not sure of the following.
1.Access rights required to do this.
2.The location to put .htaccess file
3.how to enable logs and write logs.
4.I have two web servers.Do I have to put this in both of them.
My rewrite rule looks some thing like this.
Options +FollowSymLinks -MultiViews
# Turn mod_rewrite on
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_HOST} old_domain\.com [NC]
RewriteRule ^(.*)$ http://www.new_domain.com/test$1 [L,R=301]
It would be good if some one help me with the step by step procedure to perform this.
1.Access rights required to do this.
You need write access to the folder the htaccess file is going to be uploaded to, and the htaccess file itself must have read rights by the webserver (most likely, the "apache" user)
Additionally, you need to have at the very least:
AllowOverride FileInfo
in the server config for the document root directory
2.The location to put .htaccess file
Based on the rules you have, you want it in the document root. It's denoted in the server config by the DocumentRoot directive
3.how to enable logs and write logs.
See: http://httpd.apache.org/docs/current/mod/mod_log_config.html
Specifically the TransferLog and ErrorLog directives
4.I have two web servers.Do I have to put this in both of them.
Do the same thing for each. If both webservers use the same document root, then obviously you don't need to put the htaccess file in 2 places. If they have different document roots, then put the htaccess file in both document roots.
I'm testing stuff on localhost, and this is my .htaccess file:
RewriteEngine On
RewriteRule ^login/?$ login.php [NC,L]
FallbackResource error.php
in my root directory (/var/www). It just doesn't work. I've already set the "AllowOverride All" in the configuration file: if I put garbage in .htaccess file I get an internal server error (and not a 404), meaning (I think) that the AllowOverride is set properly.
I get "Module rewrite already enabled" if I give "a2enmod rewrite" and, of course, I restarted apache.
Any suggestion? I don't know where to look.
I had the same problem. I found that this error occured only when I tried to access an address with the .php extension. If for example I tried to access test.mydomain.com/home.php, I would get a 404 error. If, however, I tried to access test.mydomain.com/home.html, I had no problem. So I thought it had to do with php interfering with the redirection.
Turns out I had to comment out the following line in my public_html .htaccess file:
#AddHandler application/x-httpd-php5s .php
After that, I could access files in the webroot folder.
I am trying to rewrite URLs using mod_rewrite. It is enabled in httpd.conf and url rewriting works if the lines are in the httpd.conf file. However, I would like the rules to be in the .htaccess file.
It doesn't appear that .htaccess is being processed at all by Apache on Win2k.
I have ReWriteLogging turned all the way up, but the log file isn't being created. The last line in httpd.conf is
AccessFileName .htaccess
.htaccess contents
RewriteEngine on
RewriteLog "c:/rewrite.log"
RewriteLogLevel 15
RewriteRule /alice.html$ /bob.html
Thanks
edit : Apache version 2.2 on Windows 2k
Check that AllowOverride FileInfo is enabled in httpd.conf for the directories affected; see also http://httpd.apache.org/docs/2.2/mod/core.html#allowoverride. You might also check permissions on the .htaccess files themselves, to ensure there's nothing preventing Apache from reading them.