How to enable SSL only on specified XAMPP directories - apache

I've been able to use makecert to make a self signed cert which currently enables HTTPS on all directories in C://XAMPP/htdocs
I have two directories which I want to be different,
c:/XAMPP/htdocs/PLACEHOLDER1
c:/XAMPP/htdocs/PLACEHOLDER2
I was wondering if it'd be possible have the SSL scope limited to one directory, say in this case 'placeholder1'.
It's my first time using SSL so sorry for any confusions.

http://robsnotebook.com/xampp-ssl-encrypt-passwords has some good information on how to make folders accessible by SSL encryption only. It specifically covers these two items, this is not a direct quote, but is an excerpt of the essence to answer your question:
Make folders accessible with SSL encryption only
First, we need to inform Apache that the folders you want to encrypt should use always use encryption (and never go in the clear). This is accomplished by putting an SSLRequireSSL directive inside of each desired <Directory> listing in the config files (it is ok to put it at the end, just before the </Directory>).
Alias /web_folder_name "C:/xampp/foldername"
<Directory "C:/xampp/foldername">
...
...
SSLRequireSSL
</Directory>
Redirect “http” to “https” for certain folders
This next optional step is to redirect “http” requests to “https” requests for the pages we want to secure. This is more user friendly and allows you to still use http when you type in the address (and automatically switch to https:// and encryption). If you don’t do this, and you used SSLRequireSSL, you will only be able to access these pages by typing https://. This is fine and probably a little bit more secure, but is not so user friendly. To accomplish the redirection, we will use mod_rewrite so that we don’t have to use the server name in this part of the config file. This helps keep small the number of places in the config files where the server name is written (making your config files more maintainable).
First, we need to make sure that mod_rewrite is enabled. To do this, edit c:\xampp\apache\conf\httpd.conf and get rid of the comment (# character) in this line:
#LoadModule rewrite_module modules/mod_rewrite.so
to make it look like this:
LoadModule rewrite_module modules/mod_rewrite.so
Now, paste the following text into the top of c:\xampp\apache\conf\extra\httpd-xampp.conf:
<IfModule mod_rewrite.c>
RewriteEngine On
# Redirect /xampp folder to https
RewriteCond %{HTTPS} !=on
RewriteCond %{REQUEST_URI} xampp
RewriteRule ^(.*) https://%{SERVER_NAME}$1 [R,L]
# Redirect /phpMyAdmin folder to https
RewriteCond %{HTTPS} !=on
RewriteCond %{REQUEST_URI} phpmyadmin
RewriteRule ^(.*) https://%{SERVER_NAME}$1 [R,L]
# Redirect /security folder to https
RewriteCond %{HTTPS} !=on
RewriteCond %{REQUEST_URI} security
RewriteRule ^(.*) https://%{SERVER_NAME}$1 [R,L]
# Redirect /webalizer folder to https
RewriteCond %{HTTPS} !=on
RewriteCond %{REQUEST_URI} webalizer
RewriteRule ^(.*) https://%{SERVER_NAME}$1 [R,L]
</IfModule>
If you have other folders you want to redirect to https://, add the generic text below (but substitute your folder name):
# Redirect /folder_name folder to https
RewriteCond %{HTTPS} !=on
RewriteCond %{REQUEST_URI} folder_name
RewriteRule ^(.*) https://%{SERVER_NAME}$1 [R,L]

Related

How to direct a Domain to a subfolder on the server it points to in apache htaccess

I have a web server with several Domains pointing to it. I want one domain lets name it www.example.com to go into the folder /example in my Doc Root (e.g. /var/www/example). I do this using this .htaccess code in my Doc Root:
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteBase /
RewriteCond %{HTTP_HOST} ^(www.)?example.com$ [NC]
RewriteRule ^(/)?$ example [R=301,L]
</IfModule>
Now typing in the domain in the browser gets me to the correct location but instead of seeing www.example.com or example.com in the url bar of my browser I see [IP-Address]/example (e.g. 1.2.3.4/example). Of course I want the domain name www.example.com to show up and if I surf to a specific file e.g. /example/folder/index.php I want (www.)example.com/folder/index.php to show up.
I have tried some of the proposed fixes from other stack overflow questions regarding redirect to subfolder but all of them seem to elicit the above unwanted behaviour. Any help would be greatly appreciated.
Thanks
You can use these rules:
RewriteEngine on
RewriteBase /
RewriteCond %{HTTP_HOST} ^(?:www\.)?example\.com$ [NC]
RewriteRule ^(?!band/).*$ /band/$0 [L,NC]
Make sure to use a new browser for testing.
(?!band/) is a negative lookahead to prevent redirect when request already starts with /band/.

Redirect all HTTP to HTTPS

I have a SSL on my site and would like to redirect all my http pages to https
I find something below and work for www.yourdomain.com.
If I also need transfer all yourdomain.com(without www) to https what should I add to htaccess? Thanks!
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.yourdomain.com/$1 [R,L]
<!-- Please put the redirect without www here, thanks-->
A simple Google search reveals hundreds of results. For example, this official FAQ.
RewriteEngine On
# This will enable the Rewrite capabilities
RewriteCond %{HTTPS} !=on
# This checks to make sure the connection is not already HTTPS
RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
# This rule will redirect users from their original location, to the same location but using HTTPS.
# i.e. http://www.example.com/foo/ to https://www.example.com/foo/
# The leading slash is made optional so that this will work either in httpd.conf
# or .htaccess context

Pointing subdomains to a "directory"

I have two questions regarding pointing subdomains to a directory:
Currently I run local, but I can run my site on a fake domain i have set up (with hosts file), its called mysite.com. How can i (by server settings?) do so All subdomains will point to / ? Example anders.mysite.com should show mysite.com and asdassdd.mysite.com also.
Maybe 1. is not necessary, but how do i by htaccess point anders.mysite.com to mysite.com/anders ? Important notice is that should not redirect.
Why i thought of 1. is because I do not want to specify anywhere in the htaccess or any apache/domain setting, what the subdomain are, since this will be dynamic (created by logged in users in my webapplication)
Currently the users can use mysite.com/anders/ which is a URI they have created, and not a real directory. In the Kohana bootstrap I am then grabbing the URI and showing the relevant user page.
I am using Kohana MVC framework and have this in my htaccess:
# Turn on URL rewriting
RewriteEngine On
# Installation directory
RewriteBase /
# Protect hidden files from being viewed
<Files .*>
Order Deny,Allow
Deny From All
</Files>
# Protect application and system files from being viewed
RewriteRule ^(?:application|modules|system)\b.* index.php/$0 [L]
# Allow any files or directories that exist to be displayed directly
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
# Rewrite all other URLs to index.php/URL
RewriteRule .* index.php/$0 [PT]
Any help appreciated!
For 1, in your vhost just add a ServerAlias:
ServerAlias *.mysite.com
Then any subdomain (www included) will get pointed to the same document root.
If you want to put subdomains in their own directory (and since you have access to server config), you can use mod_vhost_alias and the VirtualDocumentRoot directive:
VirtualDocumentRoot /path/to/your/htdocs/%1
So if you request blah.mysite.com, you'll end up in /path/to/your/htdocs/blah as the doc root.
If it's a matter of you needing directory names of non-existent directories in the URI so that Kohana can route them, you'll need to make sure you have mod_proxy loaded:
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteCond %{HTTP_HOST} ^([^.]+)\.
RewriteCond %{REQUEST_URI} !^/%1/
RewriteRule ^(.*)$ /%1/$1 [L,P]
To proxy the request back to Kohana with the right URI.
how do i by htaccess point anders.mysite.com to mysite.com/anders ? Important notice is that should not redirect.
You can use this rule:
RewriteCond %{HTTP_HOST}:%{REQUEST_URI} ^([^.]+)\.[^:]+:(?!/\1/).*$
RewriteRule ^ /%1%{REQUEST_URI} [L]

http/https Rewrite not working, adds index.php to path

I'm trying to add some secure pages to a site. The links in the site all use the current protocol (i.e. are protocol independent, paths start with //).
I need the paths /info/season-tickets/* and /ticketcontroller/* to use https, and all others using http.
I've tried building rules to do the following (ignoring the ticketcontroller part for now):
If Port==80 and Path==/info/season-tickets/, rewrite with https
If Port==443 and Path!=/info/season-tickets/, rewrite with http
However, when I access /info/season-tickets/, rather than redirecting to the https version, I get example.com/index.php/info/season-tickets
The .htaccess is below - my attempts are below # Force https on certain pages and # Force http everywhere else, and the other bits are from the Kohana framework
# Turn on URL rewriting
RewriteEngine On
# Installation directory
RewriteBase /
# Force https on certain pages
RewriteCond %{SERVER_PORT} 80
RewriteCond %{REQUEST_URI} ^/info/season-tickets/?
RewriteRule ^(.*)$ https://www.example.com/$1 [R,L]
# Force http everywhere else
RewriteCond %{SERVER_PORT} 443
RewriteCond %{REQUEST_URI} !^/info/season-tickets/?
RewriteRule ^(.*)$ http://www.example.com/$1 [R,L]
# Protect hidden files from being viewed
<Files .*>
Order Deny,Allow
Deny From All
</Files>
# Protect application and system files from being viewed
RewriteRule ^(?:application|modules|system)\b index.php/$0 [L]
# Allow any files or directories that exist to be displayed directly
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
# Rewrite all other URLs to index.php/URL
RewriteRule .* index.php/$0 [PT]
I tried re-ordering the rules to see if that fixed it, but it didn't.
Any ideas why this isn't working (http://htaccess.madewithlove.be/ shows that it should work)...
Thanks!
I've solved this issue, not with htaccess, but in the index.php file (all requests go through this).
By default, I assume port 80. Then, if $_SERVER['REQUEST_URI'] is in an array of secure paths, I switch the variable to 443.
Then, if $required_port != $_SERVER['SERVER_PORT'], I redirect and exit().

Using .htaccess file to redirect to a subdomain

In my root folder, I have a home directory. I'd like all requests for mydomain.com or www.mydomain.com to be forwarded to home.mydomain.com. In my cPanel, I have already set up the sub-domain home.mydomain.com to point to mydomain.com/home.
Here's what I currently have in my .htaccess file:
RewriteEngine On
Options +SymLinksIfOwnerMatch
RewriteRule ^(.*)$ \/home\/$1 [L]
This successfully forwards mydomain.com and www.mydomain.com to mydomain.com/home or www.mydomain.com/home, respectively. But home.mydomain.com/filename gives me an internal server error, instead of serving the file at mydomain.com/home/filename.
I'm not sure I understand the exact requirements, but it seems you want to rewrite all (www.)mydomain.com requests to the /home directory while your subdomain home.mydomain.com already points to that directory and thus should be exempt from that rewrite directive. If for some reason (www.)mydomain.com can't be set up to point to /home as well, you'd need a Rewrite Condition, something like
RewriteEngine On
Options +SymLinksIfOwnerMatch
RewriteCond %{HTTP_HOST} ^(www\.)?mydomain\.com$ [NC]
RewriteRule ^(.*)$ /home/$1 [L]
I also removed the backslashes which should not be needed. You can use the htaccess tester to check rewrite rules easily online.