Shutting down a website using HTaccess does not work - apache

OK, it's very simple but it does not work. I have a wiki site where the root contains an index.php file and the subdirectories contains the content of the wiki (I use PMwiki, so no database is required)
I want to temporarity shutdown the website and make it unaccessible by using an nice HTML page to display the shutdown message. I could rename the index.php file, but the rest of the files in the subfolder will remain accessible.
The first thing that worked but which is not elegant is restricting the whole site with a password in the htaccess using "Require valid-user" and all it's other command. The problem is that I cannot display a nice shutdown message as an HTML file.
Else I tried renaming the index.php file to something else like site.php. Creating a index.html file as a message and using a script like this:
Order Deny, allow
Deny from all
<File "index.html">
Allow from all
</File>
In that case, the index.html file is accessible, but it must be manually typed in the URL, it will not use this file by default. I tried adding DirectoryIndex directive like this
DirectoryIndex index.html
But it still does not work.
So first is there a way to make the user only see 1 page in particular and block everything else.
Second, doing so makes the site unaccessible to me. So is there a way to passords restrict the whole directory structure except for a specific index.html file. So that I could type url/site.php and be able to enter my website using an htaccess password.
Thanks for any help

Just this rule in root .htaccess should be able to handle this:
RewriteEngine On
RewriteBase /
RewriteRule !^shutdown\.html$ shutdown.html [L,NC]
Now you can keep custom HTML content in /shutdown.html. Keep in mind you need to use inline css/js since it will also rewrite css/js requests to /shutdown.html file.

Related

typing DirectoryIndex into .htaccess and it doesn't work?

This is so frustrating. My root directory is at home/websitename/websitename/ and my httpd.conf has nothing in it!
My .htaccess is in the same directory as the index.php is supposed to be and all I'm typing into .htaccess (and FTP identifies this as an HTACCESS file) is:
DirectoryIndex Home.php
The error message I get when trying to visit the site is a 403 forbidden to list the directories of "/"
the AllowOverride directive is set to All
Ok actually I made a dumb mistake.
Basically all the things one needs to check in order for the .htaccess to work are these:
Create a .htaccess file in the main directory. Make sure the .htaccess file is made in a file editor for ACSII. (notepad++, dev editor, NO Microsoft Word)
Make sure AllowOverride is set to All in the Apache configuration for your website. It should be under <directory>
Make sure to restart apache after making any changes to the Apache file!! Note that even though .htaccess does not require you to restart Apache, changing anything in the website configuration file requires you to restart Apache in order for it to function.
Lastly, your website should output a 500 Internal Apache Error if it is able to actually read the .htaccess file, NOT a 403: Access Forbidden or directory listing.

secure underlaying directory with htaccess

I have created an axtra ftp account for someone else, so he can upload files.(tournament results, about 20/30 htm files and images)
I am also very paranoid, so in case he upload "possible dangerous" files, i do not want those files to be accessible via an http request. With the help of PHP I want to grab the content of those files. (I do not expect troubles with that yet)
Problem:
My hoster does not allow extra ftp accounts have access outside the public_html.
So i thought htacces should solve my problem. Just by deny from all rule.
But with ftp acces this htaccess file can be deleted or changed.
So i tried to add the following code in my main htacces file in the root of my site:
<Directory "/home/xxxx.nl/public_html/xxxxxxxx.nl/onzetoernooien/swissmaster_ftp">
deny from all
</Directory>
My site hung with an internal server error.
I have no access to the httpd file.
My idea was to use an htacces file above this directory.
If the absolute path was incorrect, i could use some kind of wildcard, like *swissmaster?
I have searched on the Apache website, but i get lost in the overwhelming amount of information.
Thanks in advance for any help!
Unfortunately you can't use a <Directory> section in .htaccess, only in the server configuration file. That causes the server error (check your error logs and you'll see the error message). We can't secure a subdirectory with a <Filesmatch "subdir/.*$"> either, as FilesMatch examines only the filename part of the requested URI.
You can, however, use mod_rewrite, along these lines:
RewriteEngine on
RewriteRule ^subdir.*$ - [NC,F]
If the requested URI matches the regex pattern subdir.* (so "subdir" followed by anything else; you may need to tweak the pattern, as it happily catches subdir_new/something.txt too -- I'm sure you get the idea), then mod_rewrite's F flag will return a 403 Forbidden status (the NC stands for No-Case, making the pattern case-insensitive).

How to allow server to access files but not user?

I have a directory with a bunch of files in it & I don't want anybody to be able to access these files by either getting a directory listing or by guessing the file location & typing it in.... it should NOT allow them to download it.
I accomplished this by putting the below in my .htaccess file:
Options -Indexes
Order Allow,Deny
Deny from all
However, I want the user to be able to download the file ONLY IF they access it via a script (which is in a different directory) which will give them the download. At the moment with the above settings it doesn't work.
I thought of putting something like..
Allow from domain.com
But I'm not 100% sure what that means? Does that check where the REQUEST is coming from & hence it would work if the server requests access to that dir? ...or would it still not work as the user is still using the domain via the other script to access the dir?
If you dump the files with an "script" you can store your files outside the documentroot. So you need no htacces file.
Perhaps this is a better workaround.
One way is to redirect the user say to your home page when they try to access your downloadable files inside the folder sec_files in this example.
I researched on this when one of my clients who purchased secure download links a codecanyon product asked for a solution to protect a folder that contained images or downloadable.
the .htaccess code is below. this .htaccess file is placed inside the sec_files i.e downloadable files folder.
RewriteEngine on
RewriteCond %{REQUEST_URI} ^/~sec_files/ [OR]
RewriteCond %{HTTP_HOST} ^www.satyamtechnologies.net$
RewriteRule ^(.*)$ http://www.satyamtechnologies.net [R,L]
See how it works when you access here, it will redirect you to home page but when you access it through a php script here it will let you download the same files.

htaccess rewrite question

I want to rewrite the url http://mydomain/myapp/fakefolder to http://mydomain/myapp/index.php
I tried the following rule but thats not working
RewriteEngine On
RewriteRule ^fakefolder$ index.php
The .htaccess file is located inside myapp.
Kindly help
Thanks
vineet
To begin with, your folder is not called vineetstore: it's called fakefolder.
The corrected rule works for me so I'd dare say your Apache installation is not configured to read .htaccess files in such location. You can easily test that: make a syntax error on purpose and see whether your site crashes.
Find your virtual host or site definition and make sure you have this directive:
AllowOverride All

mod_rewrite to absolute path in .htaccess - turning up 404

I want to map a number of directories in a URL:
www.example.com/manual
www.example.com/login
to directories outside the web root.
My web root is
/www/htdocs/customername/site
the manual I want to redirect to is in
/www/customer/some_other_dir/manual
In mod_alias, this would be equal to
Alias /manual /www/customer/some_other_dir/manual
but as I have access only to .htaccess, I can't use Alias, so I have to use mod_rewrite.
What I have got right now after this question is the following:
RewriteRule ^manual(/(.*))?$ /www/htdocs/customername/manual/$2 [L]
this works in the sense that requests are recognized and redirected properly, but I get a 404 that looks like this (note the absolute path):
The requested URL /www/htdocs/customername/manual/resourcename.htm
was not found on this server.
However, I have checked with PHP: echo file_exists(...) and that file definitely exists.
why would this be? According to the mod_rewrite docs, this is possible, even in a .htaccess file. I understand that when doing mod_rewrite in .htaccess, there will be an automated prefix, but not to absolute paths, will it?
It shouldn't be a rights problem either: It's not in the web root, but within the FTP tree to which only one user, the main FTP account, has access.
I can change the web root in the control panel anytime, but I want this to work the way I described.
This is shared hosting, so I have no access to the error logs.
I just checked, this is not a wrongful 301 redirection, just an internal rewrite.
In .htaccess, you cannot rewrite to files outside the wwwroot.
You need to have a symbolic link within the webroot that points to the location of the manual.
Then in your .htaccess you need the line:
Options +SymLinksIfOwnerMatch
or maybe a little more blindly
Options +FollowSymlinks
Then you can
RewriteRule ^manual(/(.*))?$ /www/htdocs/customername/site/manual/$2 [L]
where manual under site is a link to /www/customer/some_other_dir/manual
You create the symlink on the command line with:
ln -s /www/htdocs/customername/site/manual /www/customer/some_other_dir/manual
But I imagine you're on shared hosting without shell access, so look into creating symbolic links within CPanel,Webmin, or whatever your admin interface is. There are php/cgi scripts that do it as well. Of course, you're still limited to the permissions that the host has given you. If they don't allow you to follow symlinks as a policy, you cannot override that within your .htaccess.
AFAIK mod_rewrite works at the 'protocol' level (meaning on the wire HTTP). So I suspect you are getting HTTP 302 with your directory path in the location.
So I'm afraid you might be stuck unless.. your hosting lets you follow symbolic links; so you can link to that location (assuming you have shell access or this is possible using FTP or your control panel) under your current document root.
Edit: It actually mentions URL-file phase hook in the docs so now I suspect the directory directives aren't allowing enough permissions.
This tells you what you need to know.
The requested URL /www/htdocs/customername/manual/resourcename.htm
was not found on this server.
It interprets RewriteRule ^manual(/(.*))?$ /www/htdocs/customername/manual/$2 [L] to mean rewrite example.com/manual/ as if it were example.com/www/htdocs/customername/manual/.
Try
RewriteRule ^manual(/(.*))?$ /customername/manual/$2 [L]
instead.