mod_rewrite root URLs for players AND website pages - apache

I have player names working from the root directory something.com/username I also have an ID working to load a profile form ID instead something.com/id/1234, But I also want to be able to load my pages from index.php?page=about from something.com/about There are only about 6-10 pages, so I could create these manually in the htaccess.
I also need my search page to work with parameters something.com/search/searchterms
This is my current htaccess file.
# BEGIN Pretty Url's
Options -Indexes
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
#Rewrite all urls to use slash at the end.
#RewriteRule ^(.*[^/])$ ./$1/ [L,R=301]
RewriteRule ^([_A-Z0-9a-z-+\.]+)/?$ ./pages/player.php?p=$1 [L]
RewriteRule ^id/([_0-9-+\.]+)/?$ ./pages/player.php?id=$1 [L]
# END Pretty Url's
# BEGIN Security Features
# Deny config.php
<files config.php>
order allow,deny
deny from all
</files>
# Deny all .hta* files
<files ~ "^.*\.([Hh][Tt][Aa])">
order allow,deny
deny from all
satisfy all
</files>
# Deny access to version file
<files inc/version.php>
order allow,deny
deny from all
satisfy all
</files>
# Deny access to security file
<files inc/security.php>
order allow,deny
deny from all
satisfy all
</files>
# END Security Features

Just add them all above the rules you already have:
RewriteEngine On
RewriteRule ^(about|page1|page2|etc)$ /index.php?page=$1 [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^([_A-Z0-9a-z-+\.]+)/?$ ./pages/player.php?p=$1 [L]
RewriteRule ^id/([_0-9-+\.]+)/?$ ./pages/player.php?id=$1 [L]
Assuming the list of pages that you have is "about", "page1", "page2", and "etc". Note that doing something like this means you have have player names that are the same as your page names.

Related

Hosting vue app with Apache: Prevent source file access from URL

I want to host a vue app on an Apache server - for learning purpose.
For that I want Apache to support the Vue router and also I want that it is not possible to access source files via URL.
To support the router I added the following lines to my httpd.conf file:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.html$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.html [L]
</IfModule>
Vue documentation
So that is working. But now I want to prevent the access of my source files via URL. So I tried the approach from this answer:
https://stackoverflow.com/a/10236791/9838670
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http://(www\.)?localhost [NC]
RewriteCond %{HTTP_REFERER} !^http://(www\.)?localhost.*$ [NC]
RewriteRule \.(gif|jpg)$ - [F]
For testing I added CSS files to the rewrite rule
RewriteRule \.(gif|jpg|css)$ - [F]
But then my index.html could not access the files, too.
Anyone an idea how to fix this?
My settings for the directory root. Also I am loading the module for the rewrite engine.
LoadModule rewrite_module modules/mod_rewrite.so
DocumentRoot "../../dist/"
<Directory "../../dist/">
#
# Possible values for the Options directive are "None", "All",
# or any combination of:
# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
#
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.
#
# The Options directive is both complicated and important. Please see
# http://httpd.apache.org/docs/2.4/mod/core.html#options
# for more information.
#
Options Indexes FollowSymLinks
#
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
# AllowOverride FileInfo AuthConfig Limit
#
AllowOverride None
#
# Controls who can get stuff from this server.
#
Require all granted
# THIS DOES NOT WORK
# Rewrite engine
# RewriteEngine on
# RewriteCond %{HTTP_REFERER} !^http://(www\.)?localhost [NC]
# RewriteCond %{HTTP_REFERER} !^http://(www\.)?localhost.*$ [NC]
# RewriteRule \.(gif|jpg|css)$ - [F]
# RedirectMatch "^/$" "/home"
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.html$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.html [L]
</IfModule>
</Directory>
Let's say Apache document root is set to DocumentRoot "/folder_one/folder_two"
Placing files in a folder_one will prevent people browsing your apache server and requesting the files directly.
Place index file in folder_two and include some code such as PHP to tell apache to include whatever files you want from folder_one.
In this manor Apache will still be able to serve whatever files you want from folder_one and people will not be able to request the files directly as the are located in a directory above the Apache document root.

Mod rewrite not working on apache2

I work on apache2 server. I am trying to display webpages on my website without the file extension .php using the following .htaccess file:
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME}\.php -f
RewriteRule ^(.*)$ $1.php
# 1 ---- Establish a custom 404 File not Found page ----
ErrorDocument 404 /filenotfound.php
# 2 ---- Prevent directory file listing in all of your folders ----
IndexIgnore *
It is simply not working. I still see my webpages with .php extension in my browser.
I have mod rewrite module loaded and also I made changes in apache2.conf file as follows:
<Directory />
Options FollowSymLinks
AllowOverride None
Require all denied
</Directory>
<Directory /usr/share>
AllowOverride None
Require all granted
</Directory>
<Directory /var/www/>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
Also my .htaccess file is doing other jobs (i.e. redirecting the 404 to filenotfound.php ) without any problem. So why is this rewrite rule not working? How can I possibly debug the .htaccess file?
I still see my webpages with .php extension in my browser.
Well you don't even have a rule to redirect a request with .php to a URL without it.
Have your rules as this:
# 1 ---- Establish a custom 404 File not Found page ----
ErrorDocument 404 /filenotfound.php
# 2 ---- Prevent directory file listing in all of your folders ----
IndexIgnore *
RewriteEngine On
## hide .php extension
# To externally redirect /dir/file.php to /dir/file
RewriteCond %{THE_REQUEST} \s/+(.+?)\.php[\s?] [NC]
RewriteRule ^ /%1 [R=302,L,NE]
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{DOCUMENT_ROOT}/$1\.php -f [NC]
RewriteRule ^(.+?)/?$ /$1.php [L]

Apache - Deny access to all directories except public

I am developing a tool and I'm stuck at this point: I want to define a set of rules for each directory, basically I want only 'Public' folder avaible, and to deny access to other folders.
My directoy structure is
uapi(root)/
Application
Config
Public/
Index.php
Storage
.htaccess
and here is .htaccess file
<Directory /Public>
Order Deny, Allow
Allow from all
<IfModule mod_rewrite.c>
Options +FollowSymLinks
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ Index.php/$1 [L]
</IfModule>
</Directory>
<Directory /Config>
Order Deny, Allow
Deny from all
</Directory>
<Directory /Application>
Order Deny, Allow
Deny from all
</Directory>
<Directory /Storage>
Order Deny, Allow
Deny from all
</Directory>
As this doc page says, you cannot use the <Directory> directive inside htaccess, but only inside server conf files.
This is not a problem in your case anyway: you can store one .htaccess file inside each directory, eg. create these files:
Public/.htaccess
Order Deny, Allow
Allow from all
<IfModule mod_rewrite.c>
Options +FollowSymLinks
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ Index.php/$1 [L]
</IfModule>
/Config/.htaccess
Order Deny, Allow
Deny from all
/Application/.htaccess
Order Deny, Allow
Deny from all
/Storage/.htaccess
Order Deny, Allow
Deny from all
You can do all that using mod_rewrite itself from your main DOCUMENT_ROOT/.htaccess file. Use this code:
Options +FollowSymLinks -MultiViews
# Turn mod_rewrite on
RewriteEngine On
RewriteBase /
RewriteRule ^(Application|Storage)(/.*|)$ - [NC,F]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-l
RewriteRule ^Public/(.*)$ /Public/Index.php/$1 [L,NC]
This code will throw Forbidden error for all the requests for /Storage/* or /Application/* but will let /Public/* be handled by /Public/index.php.
For Apache httpd server 2.4 you can do that in this way:
In httpd.conf or in a .conf file in httpd/conf.d/ dir.
<Directory "/uapi/">
Require all denied
</Directory>
<Directory "/uapi/public">
Require all granted
</Directory>
I tested this config. The reference is here.
You should be able to do this in .htaccess files too, if you don't have access to the Apache config files.
That would be, in /uapi/.htaccess:
Require all denied
and in /uapi/Public/.htaccess
Require all granted
As mentioned above, you can't use inside an .htaccess file. From Apache docs:
Note that unlike <Directory> and <Location> sections, <Files> sections can be used inside .htaccess files.
More general documentation:
https://httpd.apache.org/docs/2.4/howto/access.html

How to redirect all traffic to Apache document root

I have tinycms application and how could I forward all traffic to document root?
Example:
http://<IP-address>/ADFADSF/adsfadsf --> /
http://domain.com/adsf --> /
Currently, I have this in my .htaccess
<Files .htaccess>
order allow,deny
deny from all
</Files>
Options +FollowSymLinks
RewriteRule admin/$ index.php?view=admin [QSA]
Options -Indexes
Thanks.
James
Using mod_rewrite:
RewriteRule ^/?.+$ / [L,R]
Using mod_alias:
RedirectMatch ^/.+ /
This will,m of course, render the RewriteRule admin/$ index.php?view=admin [QSA] rule useless, or at the very least, cause some conflicts. So you should either comment that rule out, or create a special exception where all traffic except admin/ gets redirected.
EDIT:
How Im gonna do that to make an rule except admin/ ?
Here's one way to do it, I'm only guessing that this is the behavior you want. This stuff does not change, it's fine the way it is:
<Files .htaccess>
order allow,deny
deny from all
</Files>
Options +FollowSymLinks -Indexes
Add a:
RewriteEngine On
Then:
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_URI} !^/(index\.php|admin)
RewriteRule ^/?.+$ / [L,R]
RewriteRule admin/$ index.php?view=admin [QSA,L]
So putting all that together, you have the deny for accessing .htaccess files. Then you have your Options, then your rewrite rules. You need to turn the RewriteEngine on, then redirect any request that isn't /index.php or /admin, then internally rewrite /admin to /index.php.

CodeIgniter remove index.php apache mod_rewrite

I'm using CodeIgniter on a Windows machine using the Zend Comunity Server with apache. My apache is properly configured to handle .htaccess directives and mod_rewrite is enabled (httpd.conf):
<Directory />
Options FollowSymLinks
AllowOverride FileInfo
Order deny,allow
Deny from all
</Directory>
My root is C:\www\ and my site is located in C:\www\david\ and when I type http://localhost/david/, the index.php is loaded along with the correct controller. I want to access my things directly through http://localhost/david/Articles/ instead of http://localhost/david/index.php/Articles/. To do this I have to use apache rewrite module.
To do so, I've placed a .htaccessfile in the C:\www\david\ folder. This file contains code I found on here :
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /david/
#Removes access to the system folder by users.
#Additionally this will allow you to create a System.php controller,
#previously this would not have been possible.
#'system' can be replaced if you have renamed your system folder.
RewriteCond %{REQUEST_URI} ^core.*
RewriteRule ^(.*)$ /index.php?/$1 [L]
#When your application folder isn't in the system folder
#This snippet prevents user access to the application folder
#Submitted by: Fabdrol
#Rename 'application' to your applications folder name.
RewriteCond %{REQUEST_URI} ^application.*
RewriteRule ^(.*)$ /index.php?/$1 [L]
#Checks to see if the user is attempting to access a valid file,
#such as an image or css document, if this isn't true it sends the
#request to index.php
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php?/$1 [L]
</IfModule>
<IfModule !mod_rewrite.c>
# If we don't have mod_rewrite installed, all 404's
# can be sent to index.php, and everything works as normal.
# Submitted by: ElliotHaughin
ErrorDocument 404 /index.php
</IfModule>
I made a couple of changes to the code since my configuration is a bit different from the default. I'm not on the root so : 'RewriteBase /davidfrancoeur.com/' and I've renamed the CodeIgniter system folder for additional security so :
RewriteCond %{REQUEST_URI} ^core.*
RewriteRule ^(.*)$ /index.php?/$1 [L]
With this done, anything should work properly, I should be able to access http://localhost/david/Articles/ without a problem and I think I shouldn't be able to reach http://localhost/david/core/config/config.php directly.
Unfortunately, it doesn't work, it doesn't even look like any rewriting is done. Do you see if I'm doing something wrong here? Is there a way to know if apache actually rewrite anything?
Thanks a lot. And yes I looked at the millions of article I could found about this... :(
EDIT
CI 2.0.2, PHP 5.3, Apache 2.2
It will work.....actually your first two rewrite conditions and rules are working but in third rewrite condition you are allowing user to access request file ,even if it is core or system file.
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !^core.*
RewriteCond %{REQUEST_FILENAME} !^system.*
RewriteRule ^(.*)$ index.php?/$1 [L]
Edit: Fixed 'rewrite' typo
After looking carefully into the httpd.conf of my Zend Community Server, I realized that there was two <Directory />instruction. The first one was empty as shown in the question and the second one looked like that :
<Directory "C:\Dropbox\www">
#
# Possible values for the Options directive are "None", "All",
# or any combination of:
# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
#
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.
#
# The Options directive is both complicated and important. Please see
# http://httpd.apache.org/docs/2.2/mod/core.html#options
# for more information.
#
Options Indexes FollowSymLinks
#
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
# Options FileInfo AuthConfig Limit
#
AllowOverride None
#
# Controls who can get stuff from this server.
#
Order allow,deny
Allow from all
</Directory>
I changed the following line AllowOverride None to AllowOverride All` and it worked. For those who would like to know more about URL rewrite with CodeIgniter look there : http://codeigniter.com/wiki/mod_rewrite/
And to understand properly what AllowOverridedoes read : http://httpd.apache.org/docs/2.0/mod/core.html#allowoverride
Thanks again to ever helped!
ppet prevents user access to the application folder
#Submitted by: Fabdrol
#Rename 'application' to your applications folder name.
RewriteCond %{REQUEST_URI} ^application.*
RewriteRule ^(.*)$ /index.php?/$1 [L]
#Checks to see if the user is attempting to access a valid file,
#such as an image or css document, if this isn't true it sends the
#request to index.php
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php?/$1 [L]