Which ErrorDocument request will take precedence? - apache

I have a domain which contains within it multiple sites with multiple .htaccess files (it's for clients to check their own projects out before they go live to their own servers, so each .htaccess file controls its own site).
If I have a .htaccess file in the root, it will control the domain. If mydomain.com/doesntexist is entered and it doesn't exist, the root's 404 page will come up. If mydomain.com/doesexist/doesntexist is entered, the .htaccess file in the "doesexist" directory would take priority, as opposed to the root's .htaccess file ... correct?

You are correct.
I suggest you to read Apache HTTP Server Tutorial: .htaccess files
The configuration directives found in a .htaccess file are applied to
the directory in which the .htaccess file is found, and to all
subdirectories thereof. However, it is important to also remember that
there may have been .htaccess files in directories higher up.
Directives are applied in the order that they are found. Therefore, a
.htaccess file in a particular directory may override directives found
in .htaccess files found higher up in the directory tree. And those,
in turn, may have overridden directives found yet higher up, or in the
main server configuration file itself.
ROOT htaccess
ErrorDocument 404 /index.php
subfolder htaccess
ErrorDocument 404 /subfolder/index.php
http://domain.com/does_not_exist --> (404 error) /index.php
http://domain.com/subfolder/does_not_exist --> (404 error) /subfolder/index.php

Related

.htaccess fail if X-Header not present for png, gif and jpg's

I'm trying to filter requests for certain web assets (png, gif, jpg, jpeg and mp4 files) based on a specific x-header/value, and fail if not present in the request.
RewriteCond %{HTTP:X-Pull} !secretkey
RewriteRule \.(png|gif|jpg|jpeg|mp4)$ - [F]
It is expected to throw a 403/forbidden error for these file types, if a request does not contain the x-header/secretkey pair, regardless the full path to the file on the website.
I have tried several variations in my .htaccess file, but for *.png, *.gif, *.jpg and *.jpeg files it only works if the files reside in the website's root. However, the same rule works for *.mp4 files, regardless of where they are located (which is how it should work for all the file types in the list).
The site uses mod_pagespeed.
Since Pagespeed is deployed on this server, the .htaccess directives for rewriting the same asset types doesn't work. Here is one way I tried to handle the issue (by updating virtual host configuration file):
<IfModule pagespeed_module>
<If "req('X-Pull') != 'secretkey'">
ModPagespeed off
</If>
<Else>
ModPagespeed on
</Else>
...
</IfModule>
I also moved the rewrites to the virtual host configuration file due to the "significant per-request overhead from processing .htaccess files", as noted in the Pagespeed documentation.

Apache: Missing folders rewritten to php-files

I have a site with the url http://localhost/my-site/. A file called test.php exists on root, a folder named test does not exist.
When I open a link like http://localhost/my-site/test/, the file test.php is opened. Should it not give a 404 error instead? I have no .htaccess file doing any funny business. The rewriting seems to be done before any .htaccess file is being run, as a rewrite rule of test/ does not match anything. A rewrite rule of test.php does however match.
I am using WampServer 2.2 with Apache 2.4.2.
This sounds like a mod_negotiation/Multiviews issue.
In the appropriate place (say, in your vhost config, or in the htaccess file in my-site's directory, include in the Options a - multiviews:
Options -Multiviews

Apache cross domain 404

I want to make apache to always open up a signle page for 404 errors from all subdomains.
The problem is that my subdomains are located in subfolders in public_html, and thus have a different root path.
For example the main domain this works quite well:
ErrorDocument 404 /Error/404.html
The Error folder and the main domain are located in public_html respectively.
However for the forum subdomain, located in public_html/forum/ the above root path does not, and it actually looks for public_html/forum/Error/404.html which doesn't exist.
I tried to rewrite rule for the forum folder, but it didn't work out either:
ErrorDocument 404 /../Error/404.html
Seems, it cannot go below the root folder for some reason.
Any ideas how can I refer to the same page from the main and the subdomain alike, without triggering redirects? (eg: http://mysite/Error/404.html would accomplish this, but would also change the url address of the page which I don't want)
Seems, it cannot go below the root folder for some reason.
Because being able to traverse above the document root is a very, very serious security risk. If your webserver gets compromised, people would be able to serve all kinds of files anywhere on your entire server.
If you have access to server config you can setup aliases for the /Error folder. For example, in your forum subdomain's vhost config, you can add:
Alias /Error /path/to/public_html/Error/
This way, when you go to http://forum.yourdomain.com/Error/404.html you'd actually be looking at http://main.yourdomain.com/Error/404.html. Then you can just use:
ErrorDocument 404 /Error/404.html
like normal in your forum subdomain.
But if you don't have access to your server/vhost config, you'll need to use mod_proxy and mod_rewrite. So in the htaccess file in public_html/forum/, add these to the top:
RewriteEngine On
RewriteRule ^Error/(.*)$ http://main.yourdomain.com/Error/$1 [L,P]

Does the recursive .htaccess rule affects subdomains pointing to subdirectories?

Suppose I have a site example.com which points to the root directory of my hosting account and it has a .htaccess file in that directory. Say I have an other domain stuff.example.com which points to the same hosting account, but to a subdirectory of it, not to the root directory, and that subdirectory also has a .htaccess file in it.
If I visit stuff.example.com then will its .htaccess file be affected by the .htaccess settings of the root directory? Or htaccess search starts from the directory where the domain points to, so in this case the htaccess file in the parent directory is not taken into account?
Surprisingly the Apache docs don't ever explicitly answer this, as far as I can tell. But the htaccess tutorial gives the example that if a file is requested from /www/htdocs/example, then Apache looks for the following .htaccess files:
/.htaccess
/www/.htaccess
/www/htdocs/.htaccess
/www/htdocs/example/.htaccess
which presumably leads outside of the DocumentRoot. So it seems that the answer to your question is yes, Apache will read all .htaccess files all the way up to /.
will its .htaccess file be affected by the .htaccess settings of the root directory?
Yes. Where your web root is doesn't matter.

Excluding one directory in .htaccess (not just rewrite rules)

Excluding one or more directories from rewrite rules in .htaccess files seems to be a common question. However, my .htaccess does more than just set rewrite rules. I've also set some server changes (we don't have suPHP on this server) as well as set some prepending of some php files. For example these are a few examples:
# Make files ending in .php, .html and .xml files etc. parsed by php.
AddType application/x-httpd-php .php .html .xml .css .js .le .txt
<FilesMatch "\.html$">
php_value auto_prepend_file "/home/2427/spwebsites/www.spwebsites.co.uk/incs/phps/config.php"
</FilesMatch>
# Internal Server Error
ErrorDocument 500 /admin/errors.html?code=500
RewriteEngine On
RewriteRule ^([a-zA-Z0-9-]+)/$ $1.html [L]
I don't want any of these set for one directory (where my word press installation is), is there a way I can do this? Can I set a conditional statement for the whole .htaccess file?
Adding a blank .htaccess file in the word press directory won't work because this won't undo the settings in the parent directory.
I was just looking into your dilemma and it is a tricky one. It would be nice to be able to have the DirectoryMatch directive available in .htaccess ...
What you can try is to reset your values in the specific directory via another .htaccess file.
So in the case of the AddType perhaps, resetting it back to just ".php" might work (assuming it doesn't inherit the other values). Definitely not an ideal solution with out access to the main config file/ virtual host.
Here is a weird idea that you can try/test ... place the "wordpress" dir outside of the main root (or whereever you have the offending .htaccess file). Now route all requests to the wordpress (inner dir) to the outer dir. I wonder if Apache would not use the offending .htaccess considering the requests are being routed?