htaccess don't protect folders, accessed from central index.php - apache

I have this structure, where 'param' determines which folder must access to:
index.php?param
./folder1/ (index.php + .htaccess)
./folder2/ (index.php + .htaccess)
...
Where index.php do: ...require(key($_GET)."/index.php")...
Every folder have an .htaccess that require authentication by different user names. The problem is, when I authenticate for first time to one of them, then allow me to access to the other folders without their specific authentication. Why?
PD: I have my motivations for do "require(key($_GET)."/index.php")" instead of simply do "/folder1".

If you use require then PHP is loading the index.php file and HTTP Auth isn't enforced (assuming your auth is in the htaccess files). Instead of using require, you can route the request using mod_rewrite. So in the htaccess of your root directory:
RewriteEngine On
RewriteCond %{QUERY_STRING} !^$
RewriteCond %{DOCUMENT_ROOT}/%{QUERY_STRING}/index.php -f
RewriteRule ^index\.php$ /%{QUERY_STRING}/index.php [L]

Related

Apache choose folder based on url parameter and keep url

I'd like to have a way to access folders on my server based on the name given in the url as a parameter.
Let's say my website is www.site.com
I'd like to access custom folders under the main directory by sending a parameter on the url but without having a redirect changing the url.
So I'd provide the folder in the parameter: www.site.com/dev1
This way people wouldn't have to remember the full url be aware of it.
my base folder as per the vhost is /var/www/developers
the subfolders are dev1, dev2, dev3 and so on.
Under dev1/2/3 there is a folder called Portal.
-/var/www/developers
--/var/www/developers/dev1
----/var/www/developers/dev1/Portal
------/var/www/developers/dev1/website/Portal
my current .htaccess is:
RewriteEngine On
RewriteCond %{DOCUMENT_ROOT}/$1/website/Portal -f
RewriteRule ^([^/]*)/?$ /$1/website/Portal [L]
Whilst it is working, it keeps changing my url to www.site.com/dev1/Portal
That is happening because mod_dir is adding a trailing slash after directory portal.
Have your rule like this by having a trailing slash in your rule:
RewriteEngine On
RewriteCond %{DOCUMENT_ROOT}/$1/website/Portal -d
RewriteRule ^([^/]+)/?$ /$1/website/Portal/ [L]

Accessing a websites home file without the file name and extension

I am working on a website that has a URL such as the following:
http://www.domain.com/directory/home.php
I was wondering if it is possible to set up the site so users can access it like so:
http://www.domain.com/directory/
And the browser will automatically find and render the home.php file?
Many thanks in advance!
Assuming you are using Apache, from the docs:
The DirectoryIndex directive sets the list of resources to look for,
when the client requests an index of the directory by specifying a /
at the end of the directory name. Local-url is the (%-encoded) URL of
a document on the server relative to the requested directory; it is
usually the name of a file in the directory. Several URLs may be
given, in which case the server will return the first one that it
finds. If none of the resources exist and the Indexes option is set,
the server will generate its own listing of the directory.
Add this to the httpd.conf file :
DirectoryIndex home.php
Then to remove the .php from the URLs, add this to the .htaccess file in the root folder.
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule (.*) $1.php [L]

mod_rewrite to remove index.php from Codeigniter in subdirectory

Codeigniter applications commonly use mod_rewrite to exclude the string index.php from the url. I have two Codeigniter applications within the same domain. One Codigniter application is in the web root folder, another Codigniter application is in a subfolder of the web root folder.
Codeigniter application 1:
http://domain.com/index.php
Codeigniter application 2 (the landing page application):
http://domain.com/land/index.php
The two Codeigniter applications are each atomic and do not share any files between them. Every file in the Codeigniter framework is in public_html/ and again in public_html/land/. So I need to exclude the string index.php in urls addressing the root / folder and also exclude the string index.php in the /land/ subfolder.
The .htaccess file in the root folder uses the widely recommended mod_rewrite rules (code below) from the Codeigniter wiki, and this set of rules works well for the root Codeigniter application (application 1). These rules reside in web root folder.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
#Removes access to the system folder by users.
#Additionally this will allow you to create a System.php controller,
#previously this would not have been possible.
#'system' can be replaced if you have renamed your system folder.
RewriteCond %{REQUEST_URI} ^system.*
RewriteRule ^(.*)$ /index.php?/$1 [L]
#When your application folder isn't in the system folder
#This snippet prevents user access to the application folder
#Rename 'application' to your applications folder name.
RewriteCond %{REQUEST_URI} ^application.*
RewriteRule ^(.*)$ /index.php?/$1 [L]
#Checks to see if the user is attempting to access a valid file,
#such as an image or css document, if this isn't true it sends the
#request to index.php
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php?/$1 [L]
</IfModule>
<IfModule !mod_rewrite.c>
# If we don't have mod_rewrite installed, all 404's
# can be sent to index.php, and everything works as normal.
ErrorDocument 404 /index.php
</IfModule>
The above set of rules has no problem removing index.php from the urls in the root Codeigniter application. But this set of rules does not seem to allow the mod_rewrite rules in public_html/land/.htaccess to execute.
When I remove the mod_rewrite rules in public_html/.htaccess, then the mod_rewrite rules in public_html/land/.htaccess start being evaluated.
Is there a way to change the mod_rewrite rules in public_html/.htaccess to handle the special case of a url intended to access the /land/ subfolder?
I think the best solution might be to change the mod_rewrite rules in public_html/.htaccess to allow the mod_rewrite rules in public_html/land/.htaccess to execute when the subfolder is addressed in the url. I am open to any suggestions.
Pre-emptive answer to the question "why don't you just use a subdomain?" 1. Saving money on the SSL certificate. 2) Non-techical users are sometimes confused by subdomains for marketing the base domain name.
Pre-emptive answer to "why don't you combine the Codeigniter applications to use the same files in the framework?" Duplicating the framework files is an easy way to keep the versioning repositories separated.
The problem is the rules in public_html/.htaccess are rewriting the URL's going to /land/, you need a passthrough which makes it so nothing happens when /land/ is requested.Add:
RewriteRule ^land/ - [L]
before the rest of your rules.
Add a rule at the top to just go to the land subfolder if it's part of the request string. That way, the rules in /land/.htaccess will be executed instead of the subsequent rules in /.htaccess. So put this at the top:
RewriteRule ^land.*$ - [NC,L]
This will check if the request begins with 'land' and redirect it to the subdirectory, where .htaccess rules corresponding to that subdirectory will be applied instead.
The reason the existing rule checking for files and folders and not doing the rewrite if the request corresponds to one of them is because whatever follows 'land' in the request is probably not a real file, and so the rewrite rule fires.

htaccess force redirect based on cookie not working for sub-directories

I have a folder for one of my domains /site. Here I have a .htaccess file with:
rewriteengine on
rewritebase /
rewritecond %{HTTP_COOKIE} !allow=asdx
rewriterule ^.*$ .set-cookie.php
Basicly I want to redirect all requests that do not have the allow cookie set to "asdx" to another file.
The problem is that I have folders like /site/subdomain1 that have .htaccess files of their own (with rewriteengine on). Accessing one of these files renders the initial redirect (based on the cookie) useless. If I disable the rewriteengine on directive from the sub-folders the cookie-based redirect works again.
How can I make the cookie-based redirect work without actually going to the individual subfolders and adding it there?
use the following for the rewrite rule:
rewriterule ^.*$ .set-cookie.php [R=302,L]

Why is my .htaccess file redirecting to full server path instead of relative path?

I've never had a problem with cakePHP before, but something's odd about this server and is causing the redirects in the .htaccess files to behave oddly.
CakePHP uses mod_rewrite in .htaccess files to redirect requests to its own webroot folder. The problem is that the redirects are listing the wrong path and causing a 404 error. My CakePHP application, which is stored in the listings directory, has a .htaccess file as follows:
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteRule ^$ app/webroot/ [R=301,L]
RewriteRule (.*) app/webroot/$1 [R=301,L]
</IfModule>
(*note that the R=301 causes an external redirect so we can see what is going on from our end. It should really omit this flag and do the redirect internally, transparent to end-users)
This is supposed to redirect any request from http://hostname.com/~username/listings/ to http://hostname.com/~username/listings/app/webroot/
However, rather than simply adding “app/webroot/” to the end as it is supposed to, it is adding the full server path ( /home/username/public_html/listings/app/webroot/ ) resulting in the final URL http://hostname.com/home/username/public_html/listings/app/webroot/ which is obviously incorrect and triggers a 404 error.
The hosting is on a shared hosting account, so that limits what I can do with the settings. I've never seen this happen before, and I'm thinking it's something wrong from the hosting side of things, but if anyone has some helpful suggestions then I can put them to the hosting company as well.
The solution to your question can be found towards the bottom of this page in the cakephp book:
For many hosting services (GoDaddy, 1and1), your web server is actually being served from a user directory that already uses mod_rewrite. If you are installing CakePHP into a user directory (http://example.com/~username/cakephp/), or any other URL structure that already utilizes mod_rewrite, you'll need to add RewriteBase statements to the .htaccess files CakePHP uses (/.htaccess, /app/.htaccess, /app/webroot/.htaccess).
I've deployed CakePHP from my profile's public_html folder as well. I had to change 3 the same .htaccess files mentioned above. Just add RewriteBase /~username/ to the .htaccess files just after RewriteEngine on!
Try removing .htaccess from main file... It worked for me
It was quite simple (using uolhost shared host):
Edit both .htaccess files:
/webroot/.htaccess
/.htaccess
Add the following line:
RewriteBase /
Here is the whole /webroot/.htaccess file:
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]