Im developing an MVC pattern based CMS.
I wnat to prevent the direct access to my subfolders and files
I have this .htaccess file in the root folder:
php_flag display_errors On
php_value error_reproting 9999
<IfModule mod_rewrite.c>
RewriteEngine on
SetEnv HTTP_MOD_REWRITE On
RewriteBase /lmvc_trunk/
Options -Indexes
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-l
RewriteRule ^(.+)$ index.php?url=$1 [QSA,L]
</IfModule>
The page requests looks like: http://mydoamin.com/pages/details/15 . This will load the "pages" controller and call it's method called "details" and passes the 15 as a parameter (pages_controller->details(15))
The "Options -Indexes" will prevent users from listing for example the /library directory. But if I type http://mydoamin.com/library/Bootstrap.php in the browser it will load the php script. I know if I add an .htaccess file with "deny from all" to a subfolder that will solve this problem, but isn't there any nicer solution than placing this htaccess file to ALL my subfolders? Can I somehow prevent the direct access to subfolders and files from the htaccess in the root?
It would be better if i could redirect direct file and folder requests to index/404 so the user wont even know if there is a folder called e.g /library
Im new to htacces and rewrite. Any solutions?
Place this rule as your first rule:
RewriteCond %{THE_REQUEST} \s/+[^/]+/\S+
RewriteRule ^ - [F,L]
Related
I would like to completely reshuffle my site without interrupting its availability.
I use a shared hosting. On my domain, I created several subdomains one hosts the currently available site, the other is reserved for my reshuffling.
The root documents of the sites are respectively:
subdomain1.domain.fr/public
subdomain2.domain.fr/public
I am using the same .htaccess files on both subdomains.
The first one works. The second displays a blank page
On firefox there is no additional information.
On Brave or Google chrome an error 500 message is displayed.
Here is my .htaccess
<IfModule mod_rewrite.c>
<IfModule mod_negotiation.c>
Options -MultiViews -Indexes
</IfModule>
RewriteEngine On
# Handle Authorization Header
RewriteCond %{HTTP:Authorization} .
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
# Redirect Trailing Slashes If Not A Folder...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} (.+)/$
RewriteRule ^ %1 [L,R=301]
# Send Requests To Front Controller...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]
</IfModule>
And here are some useful values in .env
APP_ENV=local
APP_DEBUG=true
APP_URL=http://localhost
Thank you for help
Additional EDIT
when replacing the content of index.php with only phpinfo(); it display the page php info correctly.
Eventually, using
phpinfo(); exit;
in the index.php file and moving them statement after statement, I found that the vendor/autoload.php was missing.
And as who can do the most can do the least, I added the full vendor directory, Probably it is not necessary.
Having some experience with procedural php I watched some tutorials about OOP and the MVC model (with php). Things start to get more clear and I wanted to put the theory to practice.
The tutorial I'm following works with an app folder and a public folder, both subfolders of the root directory. There's an index.php file in the public folder and a htaccess file that redirects all requests (in the public folder) to none existing files to index php. The code in that file is:
<IfModule mod_rewrite.c>
Options -Multiviews
RewriteEngine On
RewriteBase /public
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.+)$ index.php?url=$1 [QSA,L]
</IfModule>
That works fine.
In the root folder there is also a htaccess file with the purpose of redirecting all url requests to the public folder (in case /public/ is not in the url. The code in that file is:
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteRule ^$ public/ [L]
RewriteRule (.*) public/$1 [L]
</IfModule>
That goes wrong, and it's the second RewriteRule that causes the problems. If I for example browse to
www.mywebsite.com
the browser redirects to www.mywebsite.com/public/index.php
But if I browse to www.mywebssite.com/shop (shop is not an existing file) I suppose the browser redirects to www.mywebsite.com/public/index.php?url='shop', but instead there is an internal server error. It seems to be the second RewriteRule that causes the problem.
What could be the problem?
I am on mobile I haven't tested it but looks like you could be reaching out to maximum redirect limits here why because your condition in your root htaccess isn't looking good to me, try this once.
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteRule ^$ public/ [L]
RewriteCond %{REQUEST_URI} !^/public/? [NC]
RewriteRule (.*) public/$1 [L]
</IfModule>
Issues in OP's approach: You haven't mentioned any condition to when it should redirect so it doesn't know when to stop hence it's creating a loop here IMHO.
How do I use the .htaccess file to set a custom DocumentRoot for CSS files? All CSS files are within a folder named "assets", and I'd like to omit the "assets" folder when loading in the CSS files for an HTML page.
This is the current code I am using:
RewriteEngine on
RewriteCond %{HTTP_HOST} ^domain-name.com$ [NC,OR]
RewriteCond %{HTTP_HOST} ^www.domain-name.com$
RewriteCond %{REQUEST_URI} !assets/
RewriteRule (.*) /assets/$1 [L]
This code makes links relative to the assets folder, but it doesn't apply to CSS files for some reason, as I still need to use href="assets/styles.css" in order to load a CSS file from /assets. I'd like to simply use href="styles.css".
I would create only one .htaccess file to solve all your problems. Please put this into your /root folder and delete the other .htaccess files.
# This first part should be done by the webserver,
# if not than thing about to change you hoster but I put it here:
# Preventing direct access to any .ht file (.htaccess, .htpasswd, etc.)
<FilesMatch "^\.ht">
Require all denied
</FilesMatch>
Options +FollowSymlinks
Options -Indexes
# Start to Rewrite
RewriteEngine On
# For all URL starting with /css, /fonts, /img or /js
RewriteCond %{REQUEST_URI} ^/?(css|fonts|img|js)(/.*)?$ [NC]
RewriteRule ^.*$ /site/public/%1%2 [L]
# Redirect all to the Application if not done already
RewriteCond %{REQUEST_URI} !^/?site/public/index\.php [NC]
# but not if the URL starts with css, fonts, img or js
RewriteCond %{REQUEST_URI} !^/?(css|fonts|img|js)(/.*)?$ [NC]
# or if request is a real file
RewriteCond %{REQUEST_FILENAME} !-f
# or if request is a real directory but not the root directory
RewriteCond %{REQUEST_URI} ^/?$ [OR]
RewriteCond %{REQUEST_FILENAME} !-d
# Rewrite the rest to the index.php file in your public folder
RewriteRule ^.*$ /site/public/index.php [NC,L]
It worked... I just refreshed my browser cache, and the CSS files was included properly.
I'm trying to rewrite my URL from this:
http://www.example.com/admin/index.php?id=title
to:
http://www.example.com/admin/title
I'm using this code in my htaccess:
RewriteEngine On
RewriteRule ^([^/]*)\.html$ /admin/index.php?id=$1 [L]
But then when I try out rewritten URL's i get a 404 error from my server. What is the mistake I'm making? The .htaccess is in a subfolder called admin and the rewrite rule should only work for that folder.
This .htaccess should be placed inside the folder admin that must be inside your root folder:
Options +FollowSymLinks -MultiViews
RewriteEngine On
RewriteBase /admin/
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^([^/]+)$ index.php?id=$1 [L]
The 2 conditions make sure we are not redirecting an existent file or folder and rule tells we want to extract anything not a / and use as the ID.
The RewriteBase tell us your parent folder is admin and as such we work from there and onwards.
I want to make my app root directory can be accessed without specify index.php like
www.domainname.com/dev/
My .htaccess now is
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php?/$1 [L]
</IfModule>
In my localhost it works, but in my hosting, when i access, it says "directory access is forbidden"
What should i change?
regards
Maybe this will solve the problem.
Add something like this in your .htaccess file at root directory:
DirectoryIndex index.php index.html
The first file found, from left to right, will be loaded by default. You can add more files or remove index.html as appropriate. This is just an example.