I am using Apache httpd. I enabled apache's rewrite module. I need to block few urls (referer spam). I have permission to edit httpd.conf file. Is below syntax correct to block multiple urls?
<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
RewriteEngine on
RewriteCond %{HTTP_REFERER} example.com [NC]
RewriteCond %{HTTP_REFERER} sample.com [NC]
RewriteCond %{HTTP_REFERER} somexxx.com [NC]
RewriteRule .* - [F]
</Directory>
I'm not an expert but, I think that:
the . in the RewriteCond needs to be escaped
you need OR flags on all but the final RewriteCond
the L flag on the RewriteRule helps performance
if you use a capture group you'll also block subdomains
So, I think you'll want something like this:
<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
RewriteEngine on
RewriteCond %{HTTP_REFERER} (example\.com) [NC,OR]
RewriteCond %{HTTP_REFERER} (sample\.com) [NC,OR]
RewriteCond %{HTTP_REFERER} (somexxx\.com) [NC]
RewriteRule .* - [F,L]
</Directory>
Related
I am trying the below code but not working for me
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME}\.html -f
RewriteRule ^(.*)$ $1.html
Simple solution, enable MultiViews in Apache.
MultiViews hides the file extension in the URL.
<Directory "/folder/subfolder/subfolder">
Options +MultiViews
</Directory>
Where and how to use <Directory /> in order to prevent files and folder access in the / . <Directory /> gives for me 500 Internal Server error.
.htaccess
#if i add the next 6 lines (10 lines), i am getting the error "Internal Server Error"
<Directory />
Order deny,allow
Deny from all
Options None
AllowOverride All
</Directory>
<Directory /web>
Order Allow,Deny
Allow from all
</Directory>
RewriteEngine On
RewriteBase /
Options -MultiViews
DirectoryIndex /web/index.php
RewriteCond %{HTTP_HOST} ^somedomain\.com$ [OR]
RewriteCond %{HTTP_HOST} ^www\.somedomain\.com$
RewriteRule ^/?$ "https\:\/\/somedomain\.com" [R=301,L]
RewriteCond %{ENV:REDIRECT_STATUS} ^$
RewriteCond %{ENV:REQUEST_FILENAME} !-d
RewriteCond %{ENV:REQUEST_FILENAME} !-f
RewriteCond %{ENV:REQUEST_FILENAME} !-l
RewriteRule ^(.*)$ /web/index\.php?url=$1 [QSA,L]
Directory location must contain full relative path including /var/www/ or whatever you have there.
Hope it helps!
I have set in my Apache config to allow mod_rewrite:
<Directory /var/www/>
Options Indexes FollowSymLinks
AllowOverride None
AllowOverride All
</Directory>
$ sudo a2enmod rewrite
$ service apache2 restart
But why my URLs with .html won't work? eg:
mysite.com/about.html
mysite.com/contact.html
but it works with:
mysite.com/about
mysite.com/contact
How can I have URLs with .html working as well?
EDIT:
This is the .htaccess (modx):
# For full documentation and other suggested options, please see
# http://rtfm.modx.com/evolution/1.0/administration/friendly-url-solutions
# including for unexpected logouts in multi-server/cloud environments
# and especially for the first three commented out rules
#php_flag register_globals Off
AddDefaultCharset utf-8
#php_value date.timezone Europe/Moscow
#Options +FollowSymlinks
RewriteEngine On
RewriteBase /
# Fix Apache internal dummy connections from breaking [(site_url)] cache
RewriteCond %{HTTP_USER_AGENT} ^.*internal\ dummy\ connection.*$ [NC]
RewriteRule .* - [F,L]
# Rewrite domain.com -> www.domain.com -- used with SEO Strict URLs plugin
#RewriteCond %{HTTP_HOST} !^$
#RewriteCond %{HTTP_HOST} !^www\. [NC]
#RewriteCond %{HTTP_HOST} (.+)$
#RewriteRule ^(.*)$ http://www.%1/$1 [R=permanent,L] .
# without www
#RewriteCond %{HTTP_HOST} .
#RewriteCond %{HTTP_HOST} !^example\.com [NC]
#RewriteRule (.*) http://example.com/$1 [R=301,L]
# without www all domains
#RewriteCond %{HTTP_HOST} .
#RewriteCond %{HTTP_HOST} ^www.(.*)$ [NC]
#RewriteRule ^(.*)$ http://%1/$1 [R=301,L]
# Exclude /assets and /manager directories and images from rewrite rules
RewriteRule ^(manager|assets)/.*$ - [L]
RewriteRule \.(jpg|jpeg|png|gif|ico)$ - [L]
# For Friendly URLs
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php?q=$1 [L,QSA]
# Reduce server overhead by enabling output compression if supported.
#php_flag zlib.output_compression On
#php_value zlib.output_compression_level 5
I don't see any rule there saying about having .html...
First thing it doesn't make any sense to have these two opposite meaning directives one after another:
AllowOverride None
AllowOverride All
You just need later part that is:
AllowOverride All
Secondly to support extension-less URLs you just need to enable MultiViews option as:
Options Indexes FollowSymLinks MultiViews
I'm trying to setup Yii2 Advanced Template on my server the front-end works but the back-end has problems all the assets return a 404 Error .
This is my Apache 2 vhost :
DocumentRoot /var/www/.../frontend/web
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/.../frontend/web/>
Options Indexes +FollowSymLinks MultiViews
AllowOverride All
RewriteEngine On
RewriteCond %{REQUEST_URI} ^/backend [NC]
RewriteRule . backend/index.php
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . index.php
Order allow,deny
allow from all
</Directory>
The "..." are in place to make the path shorter, please ignore them .
Also the backend is a symlink
Any ideas ?
Best regards,
Paul.
OK, maybe this will help others too .
What I've done is I've declared an Alias and another Directory directive also an RewriteBase declaration is needed for this to work.
<Directory /var/www/.../www/frontend/web/>
Options Indexes +FollowSymLinks MultiViews
AllowOverride All
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . index.php [L]
Order allow,deny
allow from all
</Directory>
Alias /backend /var/www/.../backend/web/
<Directory /var/www/.../backend/web/>
Options -Indexes FollowSymLinks MultiViews
AllowOverride All
RewriteEngine on
RewriteBase /backend
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . index.php
Order allow,deny
allow from all
</Directory>
I have a VirtualServer at api.host.com and I need to access the same content at app.host.com/api.
In Apache a have the following rule in httpd.conf :
<VirtualHost app.host.com>
DocumentRoot "C:\webserver\public\webapp"
ServerName app.host.com
<Directory "C:\webserver\public\webapp">
Options Indexes FollowSymLinks Includes ExecCGI
AllowOverride All
Require all granted
</Directory>
Alias /api/ "C:/webserver/public/api/"
<Directory "C:/webserver/public/api/">
Order allow,deny
Allow from all
Require all granted
Options Indexes FollowSymLinks
</Directory>
</VirtualHost>
And in C:/webserver/public/webapp, .htaccess is :
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ index.php?_url=/$1 [QSA,L]
RewriteRule ^/api/(.*)$ /api/index.php?_url=/$1 [QSA,L]
RewriteRule ^api/(.*)$ api/index.php?_url=/$1 [QSA,L]
I'm getting 404 not found when I access app.host.com/api/test but in app.host.com/api it is all ok.
In C:/webserver/public/api, .htaccess is :
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ index.php?_url=/$1 [QSA,L]
And works just fine with api.host.com/test.
You need to swap the order of your rules. Your first rule's ^(.*)$ regex is matching all of your requests, so you need your api stuff before that rule gets a chance to match the request. Something like this:
RewriteEngine On
RewriteRule ^/?api/(.*)$ /api/index.php?_url=/$1 [QSA,L]
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ index.php?_url=/$1 [QSA,L]
In httpd.conf, I changed the path to
Alias /**apicall**/ "C:/webserver/public/api/"
<Directory "C:/webserver/public/api/">
Order allow,deny
Allow from all
Require all granted
Options Indexes FollowSymLinks
</Directory>
And used Jon Lin hint, changing .htaccess rule to
RewriteRule ^api/?(.*)$ /apicall/index.php?_url=/$1 [QSA,L]