Browse zipfiles on apache webserver - apache

I already have an awk script called viewzip.cgi which works as follows:
...viewzip.cgi/path_to_zipfile/zipfile.zip/
will show the root directory of that file,
...viewzip.cgi/path_to_zipfile/zipfile.zip/subdir/
shows a subdirectory (if present)
...viewzip.cgi/path_to_zipfile/zipfile.zip/path_to_file/file
will download one particular file.
Now what I want is omitting the "viewzip.cgi" part in the URL and an automatic redirect working as follows:
...path_to_zipfile/zipfile.zip
should download the zipfile as it would be standard behaviour, but
...path_to_zipfile/zipfile.zip/
with the trailing slash should redirect to a path like the first example, and also when trailing subdirs or files are appended.
How can I do that, if so? I have access to file system (i.e. ".htaccess") but not to apache's root configuration files. Or is there a (possibly well-known) better solution? A similar problem applies to .chm files which would be more easily browseable when unpacked on server on request. It would be nice if I don't need to repeat a redirection line for each single zipfile I have.
henni

The RedirectMatch keyword does the job.
RedirectMatch .../((?!viewzip\.cgi/).*)\.zip/(.*) http://www.../.../viewzip.cgi/$1.zip/$2

Related

Can I store Apache rewrites in a separate file to .htaccess within the web root?

Naturally, I have a .htaccess file in /var/www/html.
However, I'd like to use an independant file (e.g. .rewrites) within /var/www/html that only contains my URL rewrites. Is this possible to achieve by adding a line in the .htaccess files telling it to include the .rewrites file when being read?
Long story short: no, I'm affraid it can't be done. There is no way, at the time of writing this, to "merge" or "include" contents in an .htaccess file.
It is possible to declare multiple files names in the apache AccessFileName directive, however, the first one from the list that's found in the directory wins, and, as they can't be merged, others (if present) should just be ignored, afaik.
Edit: You can read the (very) long version at Apache Docs and check the directives marked 'h' (for .htaccess).
While you cant put all your rewrites in 1 .htaccess file, what I do is instead of using .htaccess files I put all my rewrites in the apache config files directly. This assumes you admin the web server and have access to the config files, and you dont have users that need access to them.
Years ago, I would just have a section in httpd.conf where I put all my rewrites but since Redhat and others have split up the configs into seperate files I have a file in /etc/httpd/conf.d/rewrites.conf that contains all the rewrites.

Apache mod_rewrite: remove only a specific folder from the url and remove the extension from all the files inside that folder

I've tried some different solutions I've found on the web on my .htaccess file (placed in the root of my website), but I always end up with an "Internal Server Error"...
I need a generic rule to remove a specific folder from the URL and the extension of all the files contained in it (adding a trailing slash at the end), with a redirection to the rewrited url. So, for example:
the folder I want to work on is called "pages", so the rule should not affect any other folder, and I want that the url
http://www.example.com/subfolder/pages/
will be rewrited/redirected to
http://www.example.com/subfolder/
and
http://www.example.com/subfolder/pages/page1.php
will be rewrited/redirected to
http://www.example.com/subfolder/page1/
and
http://www.example.com/subfolder/pages/subpages/page1.php
will be rewrited/redirected to
http://www.example.com/subfolder/subpages/page1/
and so on...
How can I achieve that?
This would be more logical in 2 rules:
Remove extension: /subfolder/pages/(.*).[^.]+ -> /subfolder/pages/$1/
Remove pages from URL: /subfolder/pages/(.*) -> /subfolder/$1
Didn't test the rules but this should get you there.

secure underlaying directory with htaccess

I have created an axtra ftp account for someone else, so he can upload files.(tournament results, about 20/30 htm files and images)
I am also very paranoid, so in case he upload "possible dangerous" files, i do not want those files to be accessible via an http request. With the help of PHP I want to grab the content of those files. (I do not expect troubles with that yet)
Problem:
My hoster does not allow extra ftp accounts have access outside the public_html.
So i thought htacces should solve my problem. Just by deny from all rule.
But with ftp acces this htaccess file can be deleted or changed.
So i tried to add the following code in my main htacces file in the root of my site:
<Directory "/home/xxxx.nl/public_html/xxxxxxxx.nl/onzetoernooien/swissmaster_ftp">
deny from all
</Directory>
My site hung with an internal server error.
I have no access to the httpd file.
My idea was to use an htacces file above this directory.
If the absolute path was incorrect, i could use some kind of wildcard, like *swissmaster?
I have searched on the Apache website, but i get lost in the overwhelming amount of information.
Thanks in advance for any help!
Unfortunately you can't use a <Directory> section in .htaccess, only in the server configuration file. That causes the server error (check your error logs and you'll see the error message). We can't secure a subdirectory with a <Filesmatch "subdir/.*$"> either, as FilesMatch examines only the filename part of the requested URI.
You can, however, use mod_rewrite, along these lines:
RewriteEngine on
RewriteRule ^subdir.*$ - [NC,F]
If the requested URI matches the regex pattern subdir.* (so "subdir" followed by anything else; you may need to tweak the pattern, as it happily catches subdir_new/something.txt too -- I'm sure you get the idea), then mod_rewrite's F flag will return a 403 Forbidden status (the NC stands for No-Case, making the pattern case-insensitive).

htaccess vs password protected directories

I have to add a password protected zone to a site I am working on (using the .htpasswd file). The thing is the whole directory structure it's being pointed at doesn't exist and is created through mod_rewrite.
Will it still work, or does the directory actually have to physically exist on the server?
Clarification:
While I may need to password protect the directory:
http://sitename/category/protected/
mod_rewrite translates this to:
index.php?category=category&directory=protected
So the actual directory does not exist. Is it still protectable?
You can add the access rules to the apache config file (httpd.conf or similar) in a Directory or Location tag instead of adding it in the .htaccess file.
Your rewrite rules will ultimately point to some files in a directory on your system (unless they redirect users to some external location). The authentication setup should be on the underlying directory that will be accessed.

.htaccess Redirect request to files exts in particular folder only

How do you write rules to redirect all requests to *.php and *.html files in upload/ folder to a text file name forbidden.txt in root www folder. What I'm trying to do exactly is preventing script execution in this dir by redirecting those requests to the text file
Note: The upload/ folder is accessibly by ftp used by a group of people to upload files so I cannot place htaccess inside this folder.
Create an .htaccess file at the root level of your site containing
RedirectMatch ^/upload/.+(html|php)$ http://www.yoursite.com/forbidden.txt
You could also try switching off the PHP engine in that directory by creating an .htaccess file in /upload/ containing:
php_value engine off
although you would need to ensure that people cannot upload files with the name .htaccess
Put your htaccess rules in httpd.conf instead.
If you can't edit httpd.conf, then your best bet is to not allow web access to that directory at all. Let FTP users access a folder outside of your web directory and then provide a mechanism for retrieving the file contents.
You could name that directory "upload". Then you could have your .htaccess file make requests to /upload/myfile execute upload.php, which finds ../upload/myfile and spits backs its contents. This way it would appear to users that they are accessing the "upload" folder directly, but you would the level of control you want through the PHP script.