I have 2 domains pointing to the same folder,
I need to put up a .htaccess file to change cache behaviour on the first domain.
Please don't suggest to edit the server's vhost configuration, this question is specifically for .htaccess.
Something like:
<Match http://domain1.test.com>
Header unset ETag
</Match>
You can try this code in your DOCUMENT_ROOT/.htaccess file:
RewriteEngine On
RewriteCond %{HTTP_HOST} ^domain1\.test\.com$ [NC]
RewriteRule ^ [L,E=TESTDOMAIN:1]
# Do not use etags for cache validation.
Header unset ETag env=TESTDOMAIN
# for older Apache versions
Header unset ETag env=REDIRECT_TESTDOMAIN
Related
In my Joomla 4 site I'm trying to create redirects for old URL like for example:
Old url: https://www.example.com/oldpage
New url: https://www.example.com/newpage
This is my .htaccess:
##
# #package Joomla
# #copyright (C) 2005 Open Source Matters, Inc. <https://www.joomla.org>
# #license GNU General Public License version 2 or later; see LICENSE.txt
##
##
# READ THIS COMPLETELY IF YOU CHOOSE TO USE THIS FILE!
#
# The line 'Options +FollowSymLinks' may cause problems with some server configurations.
# It is required for the use of Apache mod_rewrite, but it may have already been set by
# your server administrator in a way that disallows changing it in this .htaccess file.
# If using it causes your site to produce an error, comment it out (add # to the
# beginning of the line), reload your site in your browser and test your sef urls. If
# they work, then it has been set by your server administrator and you do not need to
# set it here.
##
## Can be commented out if causes errors, see notes above.
#Options +FollowSymlinks
#Options -Indexes
## No directory listings
<IfModule mod_autoindex.c>
#IndexIgnore *
</IfModule>
## Suppress mime type detection in browsers for unknown types
<IfModule mod_headers.c>
Header always set X-Content-Type-Options "nosniff"
##
# Disable Federated Learning of Cohorts (FLoC)
# If you uncomment the below directive you have to allow this technology in the
# Global Configuration of Joomla. Read more about this in the Post-Installation
# message in the backend.
##
# Header always set Permissions-Policy "interest-cohort=()"
</IfModule>
## Protect against certain cross-origin requests. More information can be found here:
## https://developer.mozilla.org/en-US/docs/Web/HTTP/Cross-Origin_Resource_Policy_(CORP)
## https://web.dev/why-coop-coep/
#<IfModule mod_headers.c>
# Header always set Cross-Origin-Resource-Policy "same-origin"
# Header always set Cross-Origin-Embedder-Policy "require-corp"
#</IfModule>
## Disable inline JavaScript when directly opening SVG files or embedding them with the object-tag
<FilesMatch "\.svg$">
<IfModule mod_headers.c>
Header always set Content-Security-Policy "script-src 'none'"
</IfModule>
</FilesMatch>
## These directives are only enabled if the Apache mod_rewrite module is enabled
<IfModule mod_rewrite.c>
RewriteEngine On
## Begin - Rewrite rules to block out some common exploits.
# If you experience problems on your site then comment out the operations listed
# below by adding a # to the beginning of the line.
# This attempts to block the most common type of exploit `attempts` on Joomla!
#
# Block any script trying to base64_encode data within the URL.
RewriteCond %{QUERY_STRING} base64_encode[^(]*\([^)]*\) [OR]
# Block any script that includes a <script> tag in URL.
RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
# Block any script trying to set a PHP GLOBALS variable via URL.
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
# Block any script trying to modify a _REQUEST variable via URL.
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
# Return 403 Forbidden header and show the content of the root home page
RewriteRule .* index.php [F]
#
## End - Rewrite rules to block out some common exploits.
## Begin - Custom redirects
#
# If you need to redirect some pages, or set a canonical non-www to
# www redirect (or vice versa), place that code here. Ensure those
# redirects use the correct RewriteRule syntax and the [R=301,L] flags.
#
## End - Custom redirects
##
# Uncomment the following line if your webserver's URL
# is not directly related to physical file paths.
# Update Your Joomla! Directory (just / for root).
##
RewriteBase /blog/
## Begin - Joomla! core SEF Section.
#
# PHP FastCGI fix for HTTP Authorization, required for the API application
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
# -- SEF URLs for the API application
# If the requested path starts with /api, the file is not /api/index.php
# and the request has not already been internally rewritten to the
# api/index.php script
RewriteCond %{REQUEST_URI} ^/api/
RewriteCond %{REQUEST_URI} !^/api/index\.php
# and the requested path and file doesn't directly match a physical file
RewriteCond %{REQUEST_FILENAME} !-f
# and the requested path and file doesn't directly match a physical folder
RewriteCond %{REQUEST_FILENAME} !-d
# internally rewrite the request to the /api/index.php script
RewriteRule .* api/index.php [L]
# -- SEF URLs for the public frontend application
# If the requested path and file is not /index.php and the request
# has not already been internally rewritten to the index.php script
RewriteCond %{REQUEST_URI} !^/index\.php
# and the requested path and file doesn't directly match a physical file
RewriteCond %{REQUEST_FILENAME} !-f
# and the requested path and file doesn't directly match a physical folder
RewriteCond %{REQUEST_FILENAME} !-d
# internally rewrite the request to the index.php script
RewriteRule .* index.php [L]
#
## End - Joomla! core SEF Section.
</IfModule>
## These directives are only enabled if the Apache mod_rewrite module is disabled
<IfModule !mod_rewrite.c>
<IfModule mod_alias.c>
# When Apache mod_rewrite is not available, we instruct a temporary redirect
# of the start page to the front controller explicitly so that the website
# and the generated links can still be used.
RedirectMatch 302 ^/$ /index.php/
# RedirectTemp cannot be used instead
</IfModule>
</IfModule>
## These directives are only enabled if the Apache mod_headers module is enabled.
## This section will check if a .gz file exists and if so will stream it
## directly or fallback to gzip any asset on the fly
## If your site starts to look strange after enabling this, and you see
## ERR_CONTENT_DECODING_FAILED in your browser console network tab,
## then your server is already gzipping css and js files and you don't need this
## block enabled in your .htaccess
<IfModule mod_headers.c>
# Serve gzip compressed CSS files if they exist
# and the client accepts gzip.
RewriteCond "%{HTTP:Accept-encoding}" "gzip"
RewriteCond "%{REQUEST_FILENAME}\.gz" -s
RewriteRule "^(.*)\.css" "$1\.css\.gz" [QSA]
# Serve gzip compressed JS files if they exist
# and the client accepts gzip.
RewriteCond "%{HTTP:Accept-encoding}" "gzip"
RewriteCond "%{REQUEST_FILENAME}\.gz" -s
RewriteRule "^(.*)\.js" "$1\.js\.gz" [QSA]
# Serve correct content types, and prevent mod_deflate double gzip.
RewriteRule "\.css\.gz$" "-" [T=text/css,E=no-gzip:1]
RewriteRule "\.js\.gz$" "-" [T=text/javascript,E=no-gzip:1]
<FilesMatch "(\.js\.gz|\.css\.gz)$">
# Serve correct encoding type.
Header append Content-Encoding gzip
# Force proxies to cache gzipped &
# non-gzipped css/js files separately.
Header append Vary Accept-Encoding
</FilesMatch>
</IfModule>
But this doesn't work because the old link is not a 404 page and always redirects to the homepage. All 404 pages redirect to the homepage.
How can I remove the reiderect for all 404 pages to homepage?
If the old URL doesn't become a 404 page the redirect will never work...
P.S. My website is with Astroid framework and SP Page Builder component for the homepage!
Instead of using a Joomla plugin, you could implement these redirects in .htaccess instead. These are then processed before Joomla/PHP is processed. These directives would need to go in the # Begin - Custom redirects section as indicated in the .htaccess file you've posted.
For example:
## Begin - Custom redirects
#
# If you need to redirect some pages, or set a canonical non-www to
# www redirect (or vice versa), place that code here. Ensure those
# redirects use the correct RewriteRule syntax and the [R=301,L] flags.
#
RewriteRule ^oldpage$ /newpage [R=301,L]
RewriteRule ^subfolder/oldpage/$ /subfolder/newpage/ [R=301,L]
## End - Custom redirects
The first argument to the RewriteRule directive is a regex that matches the requested URL-path only. Note that the URL matched does not start with a slash. Any query string is passed through to the target URL by default. If this is not required then include the QSD (Query String Discard) flag as well. ie. [QSD,R=301,L].
NB: Test first with R=302 (temporary) redirects to avoid potential caching issues.
You will likely need to clear your browser cache before testing.
I know this has been posted in other places, but I have not been able to make it work properly. I am just trying to get a simple redirect from my root / to /html folder and add a .html extension so the url isn’t www.websites.com/html/file.html but rather www.website.com/file. Does anyone have any idea how to do this type of rewrite?
This is about all I have working properly.
RewriteOptions inherit
RewriteEngine on
<FilesMatch "\.(ico|pdf|flv|jpg|jpeg|png|gif|js|css|swf)#$">
Header set Cache-Control "max-age=604800, public"
</FilesMatch>
RewriteBase /html/
This probably is what you are looking for:
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond /html%{REQUEST_URI}.html -f
RequestRule ^ /html%{REQUEST_URI}.html [END]
For this to work the rewriting module needs to be loaded into the http server. Best is to implement such rules in the actual host configuration of the http server. If you do not have access to that (cheap hosting provider), then you can use a distributed configuration file (".htaccess"), but that needs to be enabled too.
I installed a security certificate installed on my website, and want to force all urls to use 'https' as well as 'www'. I updated the .htaccess by uncommenting:
RewriteCond %{HTTP_HOST} .
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^ http%{ENV:protossl}://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
However, upon saving, the site was not enforcing either the https or the www. I cleared cache and even restarted the server, and still no change- so I suspect there is a conflict in the file somewhere, but it may be something else as well. What would be the most efficient way to trouble shoot this to get the redirect to work properly? The file is currently as follows:
#
# Apache/PHP/Drupal settings:
#
# Protect files and directories from prying eyes.
<FilesMatch "\.(engine|inc|info|install|make|module|profile|test|po|sh|.*sql|theme|tpl(\.php)?|xtmpl)(~|\.sw[op]|\.bak|\.orig|\.save)?$|^(\..*|Entries.*|Repository|Root|Tag|Template)$|^#.*#$|\.php(~|\.sw[op]|\.bak|\.orig\.save)$">
Order allow,deny
</FilesMatch>
# Don't show directory listings for URLs which map to a directory.
Options -Indexes
# Follow symbolic links in this directory.
Options +FollowSymLinks
# Make Drupal handle any 404 errors.
ErrorDocument 404 /index.php
# Set the default handler.
DirectoryIndex index.php index.html index.htm
# Override PHP settings that cannot be changed at runtime. See
# sites/default/default.settings.php and drupal_environment_initialize() in
# includes/bootstrap.inc for settings that can be changed at runtime.
# PHP 5, Apache 1 and 2.
<IfModule mod_php5.c>
php_flag magic_quotes_gpc off
php_flag magic_quotes_sybase off
php_flag register_globals off
php_flag session.auto_start off
php_value mbstring.http_input pass
php_value mbstring.http_output pass
php_flag mbstring.encoding_translation off
</IfModule>
# Requires mod_expires to be enabled.
<IfModule mod_expires.c>
# Enable expirations.
ExpiresActive On
# Cache all files for 2 weeks after access (A).
ExpiresDefault A1209600
<FilesMatch \.php$>
# Do not allow PHP scripts to be cached unless they explicitly send cache
# headers themselves. Otherwise all scripts would have to overwrite the
# headers set by mod_expires if they want another caching behavior. This may
# fail if an error occurs early in the bootstrap process, and it may cause
# problems if a non-Drupal PHP file is installed in a subdirectory.
ExpiresActive Off
</FilesMatch>
</IfModule>
# Various rewrite rules.
<IfModule mod_rewrite.c>
RewriteEngine on
# Set "protossl" to "s" if we were accessed via https://. This is used later
# if you enable "www." stripping or enforcement, in order to ensure that
# you don't bounce between http and https.
RewriteRule ^ - [E=protossl]
RewriteCond %{HTTPS} on
RewriteRule ^ - [E=protossl:s]
# Make sure Authorization HTTP header is available to PHP
# even when running as CGI or FastCGI.
RewriteRule ^ - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
# Block access to "hidden" directories whose names begin with a period. This
# includes directories used by version control systems such as Subversion or
# Git to store control files. Files whose names begin with a period, as well
# as the control files used by CVS, are protected by the FilesMatch directive
# above.
#
# NOTE: This only works when mod_rewrite is loaded. Without mod_rewrite, it is
# not possible to block access to entire directories from .htaccess, because
# <DirectoryMatch> is not allowed here.
#
# If you do not have mod_rewrite installed, you should remove these
# directories from your webroot or otherwise protect them from being
# downloaded.
RewriteRule "(^|/)\." - [F]
# If your site can be accessed both with and without the 'www.' prefix, you
# can use one of the following settings to redirect users to your preferred
# URL, either WITH or WITHOUT the 'www.' prefix. Choose ONLY one option:
#
# To redirect all users to access the site WITH the 'www.' prefix,
# (http://example.com/... will be redirected to http://www.example.com/...)
# uncomment the following:
RewriteCond %{HTTP_HOST} .
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^ http%{ENV:protossl}://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
#
# To redirect all users to access the site WITHOUT the 'www.' prefix,
# (http://www.example.com/... will be redirected to http://example.com/...)
# uncomment the following:
# RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
# RewriteRule ^ http%{ENV:protossl}://%1%{REQUEST_URI} [L,R=301]
# Modify the RewriteBase if you are using Drupal in a subdirectory or in a
# VirtualDocumentRoot and the rewrite rules are not working properly.
# For example if your site is at http://example.com/drupal uncomment and
# modify the following line:
# RewriteBase /drupal
#
# If your site is running in a VirtualDocumentRoot at http://example.com/,
# uncomment the following line:
# RewriteBase /
# Pass all requests not referring directly to files in the filesystem to
# index.php. Clean URLs are handled in drupal_environment_initialize().
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !=/favicon.ico
RewriteRule ^ index.php [L]
# Rules to correctly serve gzip compressed CSS and JS files.
# Requires both mod_rewrite and mod_headers to be enabled.
<IfModule mod_headers.c>
# Serve gzip compressed CSS files if they exist and the client accepts gzip.
RewriteCond %{HTTP:Accept-encoding} gzip
RewriteCond %{REQUEST_FILENAME}\.gz -s
RewriteRule ^(.*)\.css $1\.css\.gz [QSA]
# Serve gzip compressed JS files if they exist and the client accepts gzip.
RewriteCond %{HTTP:Accept-encoding} gzip
RewriteCond %{REQUEST_FILENAME}\.gz -s
RewriteRule ^(.*)\.js $1\.js\.gz [QSA]
# Serve correct content types, and prevent mod_deflate double gzip.
RewriteRule \.css\.gz$ - [T=text/css,E=no-gzip:1]
RewriteRule \.js\.gz$ - [T=text/javascript,E=no-gzip:1]
<FilesMatch "(\.js\.gz|\.css\.gz)$">
# Serve correct encoding type.
Header set Content-Encoding gzip
# Force proxies to cache gzipped & non-gzipped css/js files separately.
Header append Vary Accept-Encoding
</FilesMatch>
</IfModule>
</IfModule>
Bonus question (and thank you for making it this far!)- I downloaded a copy of Drupal to replace the htaccess file in case there was an issue, and it came unformatted, while the version that had been installed is certainly easier to read as it is formatted nicely w/ breaks and such. I'm assuming there's a trick to viewing the file so it is not crunched together- but any insight on that would be greatly appreciated!
**Formatting was indeed notepad- once dropping into sublime it worked as expected, thanks to msg.
**Update to issue:
Thank you msg - so with your comment about working out of the box, I decided to redownload the same version of Drupal and copied over the htaccess file, then uncommented as before, and added the 3 lines of code just below "RewriteEngine" - www is now properly working, but the force to use secure is still not. the section of relevant code (as far as I can tell) is:
# Various rewrite rules.
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTPS} off
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
# Set "protossl" to "s" if we were accessed via https://. This is used later
# if you enable "www." stripping or enforcement, in order to ensure that
# you don't bounce between http and https.
RewriteRule ^ - [E=protossl]
RewriteCond %{HTTPS} on
RewriteRule ^ - [E=protossl:s]
# Make sure Authorization HTTP header is available to PHP
# even when running as CGI or FastCGI.
RewriteRule ^ - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
Are the lines added potentially conflicting with other code that was uncommented?
The default .htaccess should work out of the box, so I'd begin with the checklist:
Verify that mod_rewrite is loaded: apache2ctl -D DUMP_MODULES
Make sure that .htaccess files aren't forbidden: There is no AllowOverride None in the server configuration.
Enable rewrite log
As for the formatting, looks like the editor doesn't show line feeds properly. Notepad by any chance?
EDIT: Upon having a second look, this doesn't actually redirect to the https version of the page, just makes sure that keeps the same protocol as the original request. Try adding this after RewriteEngine on:
RewriteCond %{HTTPS} off
RewriteRule ^ https://www.yoursitehere.com [R,L]
EDIT2: It shouldn't, but I've a couple of things to point out:
X-Forwarded-Proto could be causing problems if it's not set. If you don't have a loadbalancer or proxy, try commenting it out.
I have sometimes encountered instances where %{HTTPS} isn't set and I resorted to using %{SERVER_PORT} o %{SERVER_PROTOCOL}.
I'm not sure if it's a bug or just behaviour dependent on apache version. This is where some debugging or trial and error comes in.
Other than that, some of the rules are now a bit inefficient. Let's have a look:
RewriteCond %{HTTPS} off
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
This checks if the request came via regular HTTP and if that the case, it redirects to https in whatever ServerAlias the request came in and stops further processing ([L]). This is the perfect opportunity to redirect to a canonical version.
You still have to check if the request came in via the canonical version, just in case, as it's done in the block:
RewriteCond %{HTTP_HOST} !^www\.
That would cause another redirection for the client.
Or you could combine that Cond with ours with [OR] flag and be done.
Thank you for your help #msg. Unfortunately in my case that I ultimately ended up using iis to redirect, which I noticed only updated settings.config. If you have any insight on what connection there might be there I'd be very interested to hear it though.
After switching to https and adding following lines to .htaccess
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Header set Strict-Transport-Security "max-age=31536000" env=HTTPS
Everything seems to be working fine - even if someone type http://mywebsite.com will be redirected to https://.
However, as per my understanding, HSTS should also enforce all content to be loaded via https if possible. Unfortunately, every now and then if someone makes a mistake and load some image (hosted on the same domain) via http:// instead of https:// Chrome will show a mixed content warning.
Did I make some mistake or my understanding of HSTS is wrong?
Is there a way to disable the server signature without access to the httpd.conf?
I can't access to the php.ini too...
I am allowed to edit only the .htaccess
In the .htaccess I tried to add:
1) this, but makes no effect:
RewriteCond %{QUERY_STRING} \=PHP[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12} [NC]
RewriteRule .* - [F]
2) this, but "ServerTokens Prod" gives me an error 500
ServerSignature Off
ServerTokens Prod
Adding only "ServerSignature Off", the signature disappears only from the document, but in the response headers it is still present...
How can I remove it?
ServerTokens is only for server config not .htaccess.
http://httpd.apache.org/docs/2.2/en/mod/core.html#servertokens
Have you tried to add these lines in .htacess file:
ServerSignature Off
Header unset Etag
FileETag none