php access to page forbidden - apache

hi am getting strange forbidden access message , anybody have any idea , its malware work or htaccess problem .
when i visit http://e-innovate.co.uk it give me angry response :)
Access to this page is forbidden. Sorry.
Sorry, but access to this page is forbidden. Even if you have authentication, you are still not allowed to access this page. It's not meant for your eyes - ever!
Check the URL you entered for any mistakes and try again. Alternatively, search for whatever is missing or take a look around the rest of our site.
here is my htaccess file
AddDefaultCharset UTF-8
<IfModule mod_rewrite.c>
<IfModule mod_negotiation.c>
Options +MultiViews
</IfModule>
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME}\.php -f
RewriteRule ^(.*)$ $1.php
</IfModule>
ErrorDocument 401 /Error-401
ErrorDocument 403 /Error-403
ErrorDocument 404 /Error-404
ErrorDocument 500 /Error-500
ErrorDocument 503 /Error-503
# Disable directory browsing
Options All +Indexes
# Remove Trailing slash on url - START
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} ^(.+)/$
RewriteRule ^(.+)/$ /$1 [R=301,L]
# Remove Trailing slash on url -END
RewriteCond %{HTTP_HOST} ^dksbsolutions\.co\.uk$ [OR]
RewriteCond %{HTTP_HOST} ^www\.dksbsolutions\.co\.uk$
#RewriteRule ^/?$ "http\:\/\/www\.e\-innovate\.co\.uk" [R=301,L]
RewriteCond %{HTTP_HOST} ^dksbsolutions\.com$ [OR]
RewriteCond %{HTTP_HOST} ^www\.dksbsolutions\.com$
#RewriteRule ^/?$ "http\:\/\/www\.e\-innovate\.co\.uk" [R=301,L]
RewriteCond %{HTTP_HOST} ^dksbsolutions\.uk$ [OR]
RewriteCond %{HTTP_HOST} ^www\.dksbsolutions\.uk$
#RewriteRule ^/?$ "http\:\/\/www\.e\-innovate\.co\.uk" [R=301,L]
# Redirect www. to non www. - START
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
# RewriteRule ^(.*)$ http://%1/$1 [R=301,L]
RewriteCond %{HTTPS} on
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
# RewriteRule ^(.*)$ https://%1/$1 [R=301,L]
# Redirect www. to non www. - END
# HTTP Keep Alive - Start
<ifModule mod_headers.c>
Header set Connection keep-alive
Header set Vary "Accept-Encoding"
</ifModule>
# HTTP Keep Alive - End
ExpiresActive On
# Set a max-age of one day for caches
<IfModule mod_headers.c>
Header set Cache-Control "max-age=86400"
</IfModule>
# cache images and flash content for one month
<FilesMatch ".(js|css|flv|gif|jpg|jpeg|png|ico|swf|woff)$">
Header set Cache-Control "max-age=2592000"
</FilesMatch>
# cache text, css, and javascript files for one week
<FilesMatch ".(pdf|txt)$">
Header set Cache-Control "max-age=604800"
</FilesMatch>
# cache html and htm files for one day
<FilesMatch ".(html|htm)$">
Header set Cache-Control "max-age=43200"
</FilesMatch>
# CACHE - END
#GZIP BEGIN - COMPRESS - .CSS .JS .HTML .XHTML .PHP .TXT
<ifModule mod_deflate.c>
<filesMatch "\.(css|js|x?html?|php|txt|eot|svg|woff)$">
SetOutputFilter DEFLATE
</filesMatch>
</ifModule>
# GZIP END
# DISABLE IMAGE HOT LINKING - START
# RewriteCond %{HTTP_REFERER} !^$
# RewriteCond %{SERVER_NAME}%{HTTP_REFERER} !^(.*)https?://\1/
# RewriteRule \.(js|css|png|jpg|jpeg) - [R=404,L]
# DISABLE IMAGE HOT LINKING - END
#DENY ACCESS - START
<FilesMatch "db.php|php_error.php|error_log|\.tpl$">
Order allow,deny
Deny from all
</FilesMatch>
#DENY ACCESS - END
# STRONG HTACCESS PROTECTION
<Files ~ "^.*\.([Hh][Tt][Aa])">
order allow,deny
deny from all
satisfy all
</Files>
### Security - Disable HTTP Track and Trace
RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]
# 5G BLACKLIST/FIREWALL (2013)
# # http://perishablepress.com/5g-blacklist-2013/
# 5G:[QUERY STRINGS]
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{QUERY_STRING} (\"|%22).*(<|>|%3) [NC,OR]
RewriteCond %{QUERY_STRING} (javascript:).*(\;) [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3) [NC,OR]
RewriteCond %{QUERY_STRING} (\\|\.\./|`|=\'$|=%27$) [NC,OR]
RewriteCond %{QUERY_STRING} (\;|\'|\"|%22).*(union|select|insert|drop|update|md5|benchmark|or|and|if) [NC,OR]
RewriteCond %{QUERY_STRING} (base64_encode|localhost|mosconfig) [NC,OR]
RewriteCond %{QUERY_STRING} (boot\.ini|echo.*kae|etc/passwd) [NC,OR]
RewriteCond %{QUERY_STRING} (GLOBALS|REQUEST)(=|\[|%) [NC]
RewriteRule .* - [F]
</IfModule>
# 5G:[REQUEST METHOD]
<ifModule mod_rewrite.c>
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]
</IfModule>
# 5G:[BAD IPS]
<limit GET POST PUT>
Order Allow,Deny
Allow from all
# uncomment/edit/repeat next line to block IPs
# Deny from 123.456.789
</limit>


It seems that there is a permission/ownership issue for your files/folders. You cannot check Apache error log without root access. You should contact your host to investigate the root cause of this issue by checking Apache error log.
It is also possible that your host has changed server PHP/apache configurations which has caused this issue.

Related

Updating htaccess file with new contents gives errors

I need to make a certain configuration to my apache in order to utilize a certain npm package https://github.com/tlaverdure/laravel-echo-server over cpanel. So I was wondering if it is possible to safely add the follow code to an existing .htacess file.
RewriteEngine On
RewriteCond %{REQUEST_URI} ^/socket.io [NC]
RewriteCond %{QUERY_STRING} transport=websocket [NC]
RewriteRule /(.*) ws://localhost:6001/$1 [P,L]
ProxyPass /socket.io http://localhost:6001/socket.io
ProxyPassReverse /socket.io http://localhost:6001/socket.io
Here are the contents of the .htaccess file:
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301,NE]
<IfModule mod_rewrite.c>
<IfModule mod_negotiation.c>
Options -MultiViews -Indexes
</IfModule>
RewriteEngine On
# Handle Authorization Header
RewriteCond %{HTTP:Authorization} .
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
# Redirect Trailing Slashes If Not A Folder...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} (.+)/$
RewriteRule ^ %1 [L,R=301]
# Send Requests To Front Controller...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]
</IfModule>
# php -- BEGIN cPanel-generated handler, do not edit
# Set the “ea-php74” package as the default “PHP” programming language.
<IfModule mime_module>
AddHandler application/x-httpd-ea-php74 .php .php7 .phtml
</IfModule>
# php -- END cPanel-generated handler, do not edit
EDIT:
I do not have root access to place it within my /etc/httpd/conf/httpd.conf as a virtualhost.

I was able to resolve my problem by placing this within my .htaccess
RewriteEngine On
RewriteCond %{HTTP_HOST} ^(www\.)?sub.domain\.com
RewriteRule ^socket.io/? http://localhost:6001/socket.io [R=301,L]

Alternative procedure to prerender(not using prerender.io) in htaccess. Full custom code recommended

Is there any alternative procedure not to use prerender.io or custom way to implement it by writing code in htaccess? Need help. I am using angular 4 and apache server in back. Prerender.io asking for subscriptions.Please if anyone can help me writing the same custom code in htaccess.Here is my code in htaccess.
<IfModule mod_headers.c>
RequestHeader set X-Prerender-Token "xxxxxxxxxxxxxxxxxx"
</IfModule>
<IfModule mod_rewrite.c>
DirectoryIndex
RewriteEngine on
# Redirect www to non-www
RewriteCond %{HTTP_HOST} ^www\.(.*) [NC]
RewriteRule ^(.*)$ http://%1/$1 [R=301,L]
Options +FollowSymLinks
#RewriteRule ^api/(.*)$ http://weedbuys.com/api/$1 [P,L]
# Prerender.io stuff
<IfModule mod_proxy_http.c>
RewriteCond %{HTTP_USER_AGENT} Baiduspider|DoCoMo|Twitterbot|
TweetmemeBot|Twikle|Netseer|Daumoa|SeznamBot|Ezooms|MSNBot|Exabot|MJ12bot|sogou\
sspider|bitlybot|ia_archiver|proximic|spbot|ChangeDetection|NaverBot|MetaJobBot|magpiecrawler|Genieo\sWeb\sfilter|Qualidator.com\sBot|Woko|Vagabondo|360Spider|ExB\
sLanguage\sCrawler|AddThis.com|aiHitBot|Spinn3r|BingPreview|GrapeshotCrawler|
CareerBot|ZumBot|ShopWiki|bixocrawler|uMBot|sistrix|linkdexbot|AhrefsBot|archive.
org_bot|SeoCheckBot|TurnitinBot|VoilaBot|SearchmetricsBot|Butterfly|
Yahoo!|Plukkie|yacybot|trendictionbot|UASlinkChecker|Blekkobot|Wotbox|YioopBot|
meanpathbot|TinEye|LuminateBot|FyberSpider|Infohelfer|linkdex.com|Curious\sGeorge|FetchGuess|ichiro|MojeekBot|SBSearch|WebThumbnail|socialbm_bot|SemrushBot|Vedma|alexa\ssite\
saudit|SEOkicks-Robot|Browsershots|BLEXBot|woriobot|AMZNKAssocBot|Speedy|oBot|
HostTracker|OpenWebSpider|WBSearchBot|FacebookExternalHit [NC,OR]
RewriteCond %{QUERY_STRING} _escaped_fragment_
# Only proxy the request to Prerender if it's a request for HTML
RewriteRule ^(?!.*?(\.js|\.css|\.xml|\.less|\.png|\.jpg|\.jpeg|\.gif|
\.pdf|\.doc|\.txt|\.ico|\.rss|\.zip|\.mp3|\.rar|\.exe|\.wmv|\.doc|\.avi|\.ppt|\.mpg|\.
mpeg|\.tif|\.wav|\.mov|\.psd|\.ai|\.xls|\.mp4|\.m4a|\.swf|\.
dat|\.dmg|\.iso|\.flv|\.m4v|\.torrent))(.*) http://service.prerender.io/http://weedbuys.com/$2
[P,L]
</IfModule>
# Don't rewrite files or directories, but exclude adminer directory
RewriteRule ^(adminer)($|/) - [L]
RewriteCond %{REQUEST_FILENAME} -f
RewriteRule ^ - [L]
# Rewrite everything else to index.html to allow html5 state links
RewriteRule ^adminer - [L,NC]
RewriteRule ^ index.html [L]
</IfModule>

Allow Adwords Query ?gclid=* in .htaccess

I have a problem with my adwords session that are not tracked because my htaccess is rewriting query strings to the original url.
https://www.example.com/toto?gclid=Test-1234 is redirect to https://www.example.com/toto
Below, a portion of my htaccess :
############################################
## redirection 301 https
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
############################################
## make HTTPS env vars available for CGI mode
SSLOptions StdEnvVars
</IfModule>
<IfModule mod_rewrite.c>
redirect 301 /home http://www.example.com
############################################
## enable rewrites
Options +FollowSymLinks
RewriteEngine on
############################################
## you can put here your magento root folder
## path relative to web root
#RewriteBase /magento/
############################################
## uncomment next line to enable light API calls processing
# RewriteRule ^api/([a-z][0-9a-z_]+)/?$ api.php?type=$1 [QSA,L]
############################################
## rewrite API2 calls to api.php (by now it is REST only)
RewriteRule ^api/rest api.php?type=rest [QSA,L]
############################################
## workaround for HTTP authorization
## in CGI environment
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
############################################
## TRACE and TRACK HTTP methods disabled to prevent XSS attacks
RewriteCond %{REQUEST_METHOD} ^TRAC[EK]
RewriteRule .* - [L,R=405]
############################################
## redirect for mobile user agents
#RewriteCond %{REQUEST_URI} !^/mobiledirectoryhere/.*$
#RewriteCond %{HTTP_USER_AGENT} "android|blackberry|ipad|iphone|ipod|iemobile|opera mobile|palmos|webos|googlebot-mobile" [NC]
#RewriteRule ^(.*)$ /mobiledirectoryhere/ [L,R=302]
############################################
## always send 404 on missing files in these folders
RewriteCond %{REQUEST_URI} !^/(media|skin|js)/
############################################
## never rewrite for existing files, directories and links
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-l
############################################
## rewrite everything else to index.php
RewriteRule .* index.php [L]
</IfModule>
Could you help me please ? Many thanks.
Julien

Redirect www to non-www not working

I'm trying to redirect from www.mydomain.com to mydomain.com but I keep failing. I used default Laravel htaccess file and I modified it to remove www from my links.
Can someone tell me what's wrong here:
<IfModule mod_rewrite.c>
<IfModule mod_negotiation.c>
Options -MultiViews
</IfModule>
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^(.*)$ http://%1/$1 [R=301,L]
# Redirect Trailing Slashes...
RewriteRule ^(.*)/$ /$1 [L,R=301]
# Handle Front Controller...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]
</IfModule>
<IfModule mod_deflate.c>
<FilesMatch "\.(html|php|txt|xml|js|css)$">
SetOutputFilter DEFLATE
</FilesMatch>
</IfModule>

isapi rewrite rules remove blog from wordpress url

while i am new to rewrite I will try to outline this problem in english first than start a thread on how to fix this issue with all your help.
I am trying to remove the folder /blog/ from the following url:
http://blog.site.com/blog/2011/05/26/article-name-test/
with:
http://blog.site.com/2011/05/26/article-name-test/

Put this code in your .htaccess file:
Options +FollowSymlinks -MultiViews
RewriteEngine on
RewriteRule ^blog/?(.*)$ /$1 [R=301,L,NE,NC]
Update: Based on your comments
Here is your suggested .htaccess:
RewriteCond %{HTTP_HOST} ^www\.site\.me$ [NC]
RewriteRule ^ http://site.me%{REQUEST_URI} [R=301,L]
RewriteCond %{HTTP_HOST} ^holisticho\.me$ [NC]
RewriteRule ^blog/ http://blog.site.me [R=301,L,NC]
Chris Hough Current Edits
Options +FollowSymlinks -MultiViews -Indexes
# ------------------------------------------------------------
# Core rewrite rules
# -----------------------------------------------------------
RewriteEngine on
# -----------------------------------------------------------
# Redirect deleting leading www to root domain if no specified sub is used:
# Allowed Subs: our, test, test.blog, local, local.blog
# -----------------------------------------------------------
RewriteCond %{HTTP_HOST} !^(our|test|test\.blog|local|local\.blog)\.holisticho\.me$ [NC]
RewriteCond %{HTTP_HOST} ^([^.]+)\.holisticho\.me$
RewriteRule ^(.*)$ http://holisticho.me/$1 [R=301,L]4
# -----------------------------------------------------------
# Temporary Base Redirect Until Phase One Has been completed
# -----------------------------------------------------------
RewriteCond %{HTTP_HOST} ^holisticho\.me$ [NC]
RewriteRule ^(.*)$ http://our.holisticho.me/$1 [R=301,L]
# -----------------------------------------------------------
# Redirect Any Domains not speficied using /blog/ to the primary url for the blog
# -----------------------------------------------------------
RewriteCond %{HTTP_HOST} ^(test|local)\.holisticho\.me$ [NC]
RewriteCond %{REQUEST_URI} ^/blog/$ [NC]
RewriteRule (.*) http://our.holisticho.me/ [R=301,L]
# -----------------------------------------------------------
# User can use /login or /admin to log into WP
# -----------------------------------------------------------
RewriteCond %{HTTP_HOST} ^(our|test\.blog|local\.blog)\.holisticho\.me$ [NC]
RewriteRule ^(login|admin)$ http://%{HTTP_HOST}/blog/wp-login.php [NC,L]
# -----------------------------------------------------------
# If the wp-admin redirect is triggered redirect to the log in page with no query string
# -----------------------------------------------------------
RewriteCond %{HTTP_HOST} ^(our|test\.blog|local\.blog)\.holisticho\.me$ [NC]
RewriteCond %{REQUEST_URI} wp-login [NC]
RewriteCond %{QUERY_STRING} redirect_to [NC]
RewriteRule () http://%{HTTP_HOST}/blog/wp-login.php$1? [R=permanent,NC,L]
# -----------------------------------------------------------
# Add hidden "/blog/" to the url structure
# -----------------------------------------------------------
RewriteCond %{HTTP_HOST} ^(our|test\.blog|local\.blog)\.holisticho\.me$ [NC]
RewriteRule !^blog/ blog%{REQUEST_URI} [L,NE,NC]
# -----------------------------------------------------------
# Wordpress Permalink formatting
# -----------------------------------------------------------
RewriteCond %{HTTP_HOST} ^(our|test\.blog|local\.blog)\.holisticho\.me$ [NC]
RewriteRule ^index\.php$ - [L,NE,NC]
RewriteCond %{HTTP_HOST} ^(our|test\.blog|local\.blog)\.holisticho\.me$ [NC]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L,NE,NC]
# -----------------------------------------------------------
# Site Wide Error Controllers
# -----------------------------------------------------------
ErrorDocument 400 /400.php
ErrorDocument 401 /401.php
ErrorDocument 402 /402.php
ErrorDocument 403 /403.php
ErrorDocument 404 /404.php
# -----------------------------------------------------------
# Using browser cache: FileETag MTime Size
# -----------------------------------------------------------
<ifmodule mod_expires.c>
<filesmatch "\.(jpg|gif|png|css|js)$">
ExpiresActive on
ExpiresDefault "access plus 1 year"
</filesmatch>
</ifmodule>
# -----------------------------------------------------------
# Compress static data
# -----------------------------------------------------------
AddOutputFilterByType DEFLATE text/html text/plain text/xml application/xml application/xhtml+xml text/javascript text/css application/x-javascript
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4.0[678] no-gzip
BrowserMatch bMSIE !no-gzip !gzip-only-text/html
# -----------------------------------------------------------
# Protect blog from hotlinking
# -----------------------------------------------------------
RewriteCond %{HTTP_REFERER} !^http://(.+\.)?holisticho\.me/ [NC]
RewriteCond %{HTTP_REFERER} !^$
#Replace /images/nohotlink.jpg with your "don't hotlink" image url
RewriteRule .*\.(jpe?g|gif|bmp|png)$ /includes/images/administrative/NoHotlinking.png [L]
# -----------------------------------------------------------
# Fix for infinite loops
# -----------------------------------------------------------
RewriteCond %{ENV:REDIRECT_STATUS} 200
RewriteRule .* - [L]
# -----------------------------------------------------------