Mod rewrite not working on apache2 - apache

I work on apache2 server. I am trying to display webpages on my website without the file extension .php using the following .htaccess file:
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME}\.php -f
RewriteRule ^(.*)$ $1.php
# 1 ---- Establish a custom 404 File not Found page ----
ErrorDocument 404 /filenotfound.php
# 2 ---- Prevent directory file listing in all of your folders ----
IndexIgnore *
It is simply not working. I still see my webpages with .php extension in my browser.
I have mod rewrite module loaded and also I made changes in apache2.conf file as follows:
<Directory />
Options FollowSymLinks
AllowOverride None
Require all denied
</Directory>
<Directory /usr/share>
AllowOverride None
Require all granted
</Directory>
<Directory /var/www/>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
Also my .htaccess file is doing other jobs (i.e. redirecting the 404 to filenotfound.php ) without any problem. So why is this rewrite rule not working? How can I possibly debug the .htaccess file?

I still see my webpages with .php extension in my browser.
Well you don't even have a rule to redirect a request with .php to a URL without it.
Have your rules as this:
# 1 ---- Establish a custom 404 File not Found page ----
ErrorDocument 404 /filenotfound.php
# 2 ---- Prevent directory file listing in all of your folders ----
IndexIgnore *
RewriteEngine On
## hide .php extension
# To externally redirect /dir/file.php to /dir/file
RewriteCond %{THE_REQUEST} \s/+(.+?)\.php[\s?] [NC]
RewriteRule ^ /%1 [R=302,L,NE]
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{DOCUMENT_ROOT}/$1\.php -f [NC]
RewriteRule ^(.+?)/?$ /$1.php [L]

Related

Hosting vue app with Apache: Prevent source file access from URL

I want to host a vue app on an Apache server - for learning purpose.
For that I want Apache to support the Vue router and also I want that it is not possible to access source files via URL.
To support the router I added the following lines to my httpd.conf file:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.html$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.html [L]
</IfModule>
Vue documentation
So that is working. But now I want to prevent the access of my source files via URL. So I tried the approach from this answer:
https://stackoverflow.com/a/10236791/9838670
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http://(www\.)?localhost [NC]
RewriteCond %{HTTP_REFERER} !^http://(www\.)?localhost.*$ [NC]
RewriteRule \.(gif|jpg)$ - [F]
For testing I added CSS files to the rewrite rule
RewriteRule \.(gif|jpg|css)$ - [F]
But then my index.html could not access the files, too.
Anyone an idea how to fix this?
My settings for the directory root. Also I am loading the module for the rewrite engine.
LoadModule rewrite_module modules/mod_rewrite.so
DocumentRoot "../../dist/"
<Directory "../../dist/">
#
# Possible values for the Options directive are "None", "All",
# or any combination of:
# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
#
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.
#
# The Options directive is both complicated and important. Please see
# http://httpd.apache.org/docs/2.4/mod/core.html#options
# for more information.
#
Options Indexes FollowSymLinks
#
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
# AllowOverride FileInfo AuthConfig Limit
#
AllowOverride None
#
# Controls who can get stuff from this server.
#
Require all granted
# THIS DOES NOT WORK
# Rewrite engine
# RewriteEngine on
# RewriteCond %{HTTP_REFERER} !^http://(www\.)?localhost [NC]
# RewriteCond %{HTTP_REFERER} !^http://(www\.)?localhost.*$ [NC]
# RewriteRule \.(gif|jpg|css)$ - [F]
# RedirectMatch "^/$" "/home"
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.html$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.html [L]
</IfModule>
</Directory>
Let's say Apache document root is set to DocumentRoot "/folder_one/folder_two"
Placing files in a folder_one will prevent people browsing your apache server and requesting the files directly.
Place index file in folder_two and include some code such as PHP to tell apache to include whatever files you want from folder_one.
In this manor Apache will still be able to serve whatever files you want from folder_one and people will not be able to request the files directly as the are located in a directory above the Apache document root.

403 Forbidden error after symfony 2 reinstall

I am building a web app on top of the symfony2 framework. Everything used to work fine until, due to some problems, i had to wipe the production symfony folder clean and reinstall everything inside the symfony project folder.
Now every request to the server returns a 403, You don't have permission to access / on this server.
Note: the server software is apache2 running on ubuntu.
I deployed using capifony, running cap deploy:setup and cap deploy.
Nothing changed in any apache config files or anything outside the root directory of the symfony project. The server root points to symfonyRoot/current/web, the .htaccess file in that directory looks as follows:
DirectoryIndex app.php
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_URI}::$1 ^(/.+)/(.*)::\2$
RewriteRule ^(.*) - [E=BASE:%1]
RewriteCond %{HTTP:Authorization} .
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteCond %{ENV:REDIRECT_STATUS} ^$
RewriteRule ^app\.php(/(.*)|$) %{ENV:BASE}/$2 [R=301,L]
RewriteCond %{REQUEST_FILENAME} -f
RewriteRule .? - [L]
RewriteRule .? %{ENV:BASE}/app.php [L]
</IfModule>
<IfModule !mod_rewrite.c>
<IfModule mod_alias.c>
RedirectMatch 302 ^/$ /app.php/
</IfModule>
</IfModule>
Edit:
from the apache2.conf file:
<Directory /var/www/>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
from the virtual host config:
<Directory "/var/www/SymfonyRoot/current/web">
Require all granted
AllowOverride All
Allow from All
Options None
</Directory>
I am sure that it is just one simple thing that i am forgetting somewhere, but i can't figure out why the server is denying permission to any routes.
So, i figured out what was wrong:
Options FollowSymLinks was not turned on for the /var/www/SymfonyRoot/current/web folder.
just added Options FollowSymLinks to the .htaccess file and everything works like a charm again!

I can't get rid of index.php in my urls on Codeigniter with XAMPP/Apache 2.4.9/PHP 5.5.11, and I've tried 4 solutions

Mod_Rewrite is on. I've created an .htaccess file inside the htdocs/ci_intro folder that contains: application, system, and index.php files
My .htaccess file content:
Options FollowSymLinks
Options +Indexes
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond $1 !^(index.php)
RewriteRule ^(.*)$ /index.php/$1 [L]
I've changed the application/config/config.php to:
$config['base_url'] = '';
and
$config['index_page'] = '';
I also changed httpd.conf:
<Directory />
AllowOverride All
# Require all denied
</Directory>
this URL works
http://localhost/ci_intro/index.php/site/about
this URL brings "Object Not Found" 404
http://localhost/ci_intro/site/about
I've tried 4 different .htaccess file versions, from different blog answers.
I'm on Windows 8.1 OS. I'm new, done some javascript.

Apache - Deny access to all directories except public

I am developing a tool and I'm stuck at this point: I want to define a set of rules for each directory, basically I want only 'Public' folder avaible, and to deny access to other folders.
My directoy structure is
uapi(root)/
Application
Config
Public/
Index.php
Storage
.htaccess
and here is .htaccess file
<Directory /Public>
Order Deny, Allow
Allow from all
<IfModule mod_rewrite.c>
Options +FollowSymLinks
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ Index.php/$1 [L]
</IfModule>
</Directory>
<Directory /Config>
Order Deny, Allow
Deny from all
</Directory>
<Directory /Application>
Order Deny, Allow
Deny from all
</Directory>
<Directory /Storage>
Order Deny, Allow
Deny from all
</Directory>
As this doc page says, you cannot use the <Directory> directive inside htaccess, but only inside server conf files.
This is not a problem in your case anyway: you can store one .htaccess file inside each directory, eg. create these files:
Public/.htaccess
Order Deny, Allow
Allow from all
<IfModule mod_rewrite.c>
Options +FollowSymLinks
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ Index.php/$1 [L]
</IfModule>
/Config/.htaccess
Order Deny, Allow
Deny from all
/Application/.htaccess
Order Deny, Allow
Deny from all
/Storage/.htaccess
Order Deny, Allow
Deny from all
You can do all that using mod_rewrite itself from your main DOCUMENT_ROOT/.htaccess file. Use this code:
Options +FollowSymLinks -MultiViews
# Turn mod_rewrite on
RewriteEngine On
RewriteBase /
RewriteRule ^(Application|Storage)(/.*|)$ - [NC,F]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-l
RewriteRule ^Public/(.*)$ /Public/Index.php/$1 [L,NC]
This code will throw Forbidden error for all the requests for /Storage/* or /Application/* but will let /Public/* be handled by /Public/index.php.
For Apache httpd server 2.4 you can do that in this way:
In httpd.conf or in a .conf file in httpd/conf.d/ dir.
<Directory "/uapi/">
Require all denied
</Directory>
<Directory "/uapi/public">
Require all granted
</Directory>
I tested this config. The reference is here.
You should be able to do this in .htaccess files too, if you don't have access to the Apache config files.
That would be, in /uapi/.htaccess:
Require all denied
and in /uapi/Public/.htaccess
Require all granted
As mentioned above, you can't use inside an .htaccess file. From Apache docs:
Note that unlike <Directory> and <Location> sections, <Files> sections can be used inside .htaccess files.
More general documentation:
https://httpd.apache.org/docs/2.4/howto/access.html

CodeIgniter remove index.php apache mod_rewrite

I'm using CodeIgniter on a Windows machine using the Zend Comunity Server with apache. My apache is properly configured to handle .htaccess directives and mod_rewrite is enabled (httpd.conf):
<Directory />
Options FollowSymLinks
AllowOverride FileInfo
Order deny,allow
Deny from all
</Directory>
My root is C:\www\ and my site is located in C:\www\david\ and when I type http://localhost/david/, the index.php is loaded along with the correct controller. I want to access my things directly through http://localhost/david/Articles/ instead of http://localhost/david/index.php/Articles/. To do this I have to use apache rewrite module.
To do so, I've placed a .htaccessfile in the C:\www\david\ folder. This file contains code I found on here :
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /david/
#Removes access to the system folder by users.
#Additionally this will allow you to create a System.php controller,
#previously this would not have been possible.
#'system' can be replaced if you have renamed your system folder.
RewriteCond %{REQUEST_URI} ^core.*
RewriteRule ^(.*)$ /index.php?/$1 [L]
#When your application folder isn't in the system folder
#This snippet prevents user access to the application folder
#Submitted by: Fabdrol
#Rename 'application' to your applications folder name.
RewriteCond %{REQUEST_URI} ^application.*
RewriteRule ^(.*)$ /index.php?/$1 [L]
#Checks to see if the user is attempting to access a valid file,
#such as an image or css document, if this isn't true it sends the
#request to index.php
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php?/$1 [L]
</IfModule>
<IfModule !mod_rewrite.c>
# If we don't have mod_rewrite installed, all 404's
# can be sent to index.php, and everything works as normal.
# Submitted by: ElliotHaughin
ErrorDocument 404 /index.php
</IfModule>
I made a couple of changes to the code since my configuration is a bit different from the default. I'm not on the root so : 'RewriteBase /davidfrancoeur.com/' and I've renamed the CodeIgniter system folder for additional security so :
RewriteCond %{REQUEST_URI} ^core.*
RewriteRule ^(.*)$ /index.php?/$1 [L]
With this done, anything should work properly, I should be able to access http://localhost/david/Articles/ without a problem and I think I shouldn't be able to reach http://localhost/david/core/config/config.php directly.
Unfortunately, it doesn't work, it doesn't even look like any rewriting is done. Do you see if I'm doing something wrong here? Is there a way to know if apache actually rewrite anything?
Thanks a lot. And yes I looked at the millions of article I could found about this... :(
EDIT
CI 2.0.2, PHP 5.3, Apache 2.2
It will work.....actually your first two rewrite conditions and rules are working but in third rewrite condition you are allowing user to access request file ,even if it is core or system file.
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !^core.*
RewriteCond %{REQUEST_FILENAME} !^system.*
RewriteRule ^(.*)$ index.php?/$1 [L]
Edit: Fixed 'rewrite' typo
After looking carefully into the httpd.conf of my Zend Community Server, I realized that there was two <Directory />instruction. The first one was empty as shown in the question and the second one looked like that :
<Directory "C:\Dropbox\www">
#
# Possible values for the Options directive are "None", "All",
# or any combination of:
# Indexes Includes FollowSymLinks SymLinksifOwnerMatch ExecCGI MultiViews
#
# Note that "MultiViews" must be named *explicitly* --- "Options All"
# doesn't give it to you.
#
# The Options directive is both complicated and important. Please see
# http://httpd.apache.org/docs/2.2/mod/core.html#options
# for more information.
#
Options Indexes FollowSymLinks
#
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
# Options FileInfo AuthConfig Limit
#
AllowOverride None
#
# Controls who can get stuff from this server.
#
Order allow,deny
Allow from all
</Directory>
I changed the following line AllowOverride None to AllowOverride All` and it worked. For those who would like to know more about URL rewrite with CodeIgniter look there : http://codeigniter.com/wiki/mod_rewrite/
And to understand properly what AllowOverridedoes read : http://httpd.apache.org/docs/2.0/mod/core.html#allowoverride
Thanks again to ever helped!
ppet prevents user access to the application folder
#Submitted by: Fabdrol
#Rename 'application' to your applications folder name.
RewriteCond %{REQUEST_URI} ^application.*
RewriteRule ^(.*)$ /index.php?/$1 [L]
#Checks to see if the user is attempting to access a valid file,
#such as an image or css document, if this isn't true it sends the
#request to index.php
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php?/$1 [L]