I'm trying to deny access to couple of subdirectories (when using specific url) that are in www-root.
My goal is:
Make domain.com/subdir{1-3} to deny access.
Make subdir{1-3}.domain.com to point to %{DOCUMENT_ROOT}/subdir{1-3}. Already works.
I want to write rules to httpd.conf without having to use .htaccess files and use only one Directory section if possible.
Here's what I've tried:
<Directory "/var/www/subdir1">
<IfModule rewrite_module>
RewriteEngine on
RewriteCond %{REQUEST_URI} ^/subdir1 [NC]
RewriteRule ^.* - [F]
</IfModule>
</Directory>
But no go.
//E
Got it working, here's what I did:
<Directory />
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{REQUEST_URI} ^/subdir1/ [OR]
RewriteCond %{REQUEST_URI} ^/subdir2/ [OR]
RewriteCond %{REQUEST_URI} ^/subdir3/ [OR]
RewriteCond %{REQUEST_URI} ^/subdir4/
RewriteRule .* - [F]
</IfModule>
</Directory>
Is there anything I should change to make it more safe?
Everything works except subdir3 which points to ownclouds root dir. It must have something to do with ownclouds own rewrite rules:
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteRule .* - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteRule ^.well-known/host-meta /public.php?service=host-meta [QSA,L]
RewriteRule ^.well-known/host-meta.json /public.php?service=host-meta-json [QSA,L]
RewriteRule ^.well-known/carddav /remote.php/carddav/ [R]
RewriteRule ^.well-known/caldav /remote.php/caldav/ [R]
RewriteRule ^apps/calendar/caldav.php remote.php/caldav/ [QSA,L]
RewriteRule ^apps/contacts/carddav.php remote.php/carddav/ [QSA,L]
RewriteRule ^apps/([^/]*)/(.*\.(css|php))$ index.php?app=$1&getfile=$2 [QSA,L]
RewriteRule ^remote/(.*) remote.php [QSA,L]
</IfModule>
Tips are welcome.
Try:
RewriteEngine On
RewriteCond %{HTTP_HOST} ^(www\.)?domain\.com$ [NC]
RewriteRule ^subdir1 - [L,F]
RewriteCond %{HTTP_HOST} ^subdir1\.domain\.com$ [NC]
RewriteCond %{REQUEST_URI} !^/subdir1/
RewriteRule ^(.*)$ /subdir1/$1 [L]
for "subdir1".
Related
I'd like to do 2 things with htaccess but I can't figure out how to do it.
Let's say my domain is domain.com
First, I'd like to force www. in the url with a 301 redirect.
Another thing, my website is not hosted in the root directory but in /laravel/public/
So I'd like to set this subdirectory as root, and remove it from the URL if someone try www.domain.com/laravel/public/ => www.domain.com
How can I do that?
Thanks in advance.
Assuming that you can't change the document root to point to your public folder, you can try adding these rules to document root (not your public folder):
RewriteEngine On
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [L,R=301]
RewriteCond %{THE_REQUEST} \ /+lavarel/public/([^\?\ ]*)
RewriteRule ^ /%1 [L,R=301]
RewriteCond %{REQUEST_URI} !^/laravel/public/
RewriteRule ^(.*)$ /laravel/public/$1 [L]
You'll need to have your own .htaccess file in the root of your domain, along with another in the laravel/public directory (there already is one there, but you need to modify it.
Below are the two files in full as I have them on my testing server.
/.htaccess
<IfModule mod_rewrite.c>
<IfModule mod_negotiation.c>
Options -MultiViews
</IfModule>
RewriteEngine On
# Rewrite requests to the laravel/public index
RewriteCond %{REQUEST_URI} !^/laravel/public/
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ /laravel/public/$1 [L]
</IfModule>
/laravel/public/.htaccess
<IfModule mod_rewrite.c>
<IfModule mod_negotiation.c>
Options -MultiViews
</IfModule>
RewriteEngine On
# Force www. (also strips laravel/public)
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R=301,L]
# Strip laravel/public, prevent loops
RewriteCond %{ENV:REDIRECT_STATUS} !200
RewriteCond %{REQUEST_URI} ^/laravel/public(/.+)/? [NC]
RewriteRule ^ %1 [R=301,L]
# Redirect Trailing Slashes...
RewriteRule ^(.*)/$ /$1 [L,R=301]
# Handle Front Controller...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]
</IfModule>
I'm very new to coding in general so please forgive me for my ignorance in the subject. I understand that their is a few questions similar to this, but none have seemed to work for me. Useful information is always welcome please due you're best to explain everything to me even if it seems a bit excessive because I'm fairly uneducated in theses particular subjects.
Here is my entire htaccess file located in my root forum directory.
RewriteOptions inherit
RewriteEngine on
<IfModule mod_rewrite.c>
Options -MultiViews
RewriteEngine On
RewriteBase /forums/
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule \.(jpeg|jpg|gif|png)$ /forums/public/404.php [NC,L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /forums/index.php [L]
</IfModule>
<Files 403.shtml>
order allow,deny
allow from all
</Files>
RewriteCond %{HTTP_HOST} ^perspectiverp\.com$ [OR]
RewriteCond %{HTTP_HOST} ^www\.perspectiverp\.com$
RewriteRule ^home$ "https\:\/\/www\.perspectiverp\.com\/forums\/" [R=301,L]
RewriteCond %{HTTP_HOST} ^perspectiverp\.com$ [OR]
RewriteCond %{HTTP_HOST} ^www\.perspectiverp\.com$
RewriteRule ^Home$ "https\:\/\/www\.perspectiverp\.com\/forums\/" [R=301,L]
RewriteCond %{HTTP_HOST} ^perspectiverp\.com$ [OR]
RewriteCond %{HTTP_HOST} ^www\.perspectiverp\.com$
RewriteRule ^/?$ "https\:\/\/www\.perspectiverp\.com\/forums\/" [R=301,L]
My site will always connect to the website through https:// unless it is being directly told to do otherwise e.g. http://perspectiverp.com/forums/. My issue is that as my general connection is being directed through https:// users can still connect through http:// which is a major security flaw. I basically need it to be similar to how google has their system to automatically redirect http:// to https:// even if the user attempts to change it in the web address
e.g. http:/ww.google.com/ gets redirected to https:/ww.google.com/?gws_rd=ssl if the user attempts to change it to*http:/ww.google.com/.
As for anyone wanting to know what the forum software is, I'm currently using a Licensed version of Invision Powers Community Suit.
// UPDATED
First attempt Result was "Webpage has Redirect Loop"
RewriteOptions inherit
RewriteEngine on
<IfModule mod_rewrite.c>
Options -MultiViews
RewriteEngine On
RewriteBase /forums/
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule \.(jpeg|jpg|gif|png)$ /forums/public/404.php [NC,L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /forums/index.php [L]
</IfModule>
<Files 403.shtml>
order allow,deny
allow from all
</Files>
RewriteCond %{HTTPS} =off
RewriteRule ^ https://www.perspectiverp.com%{REQUEST_URI} [R,L]
RewriteCond %{HTTP_HOST} ^(www\.)?perspectiverp\.com$ [NC]
RewriteRule ^(home)?$ https://www.perspectiverp.com/forums/ [R=301,NC,L]
Second attempt Result was "Webpage has Redirect Loop"
RewriteOptions inherit
RewriteEngine on
<IfModule mod_rewrite.c>
Options -MultiViews
RewriteEngine On
RewriteBase /forums/
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule \.(jpeg|jpg|gif|png)$ /forums/public/404.php [NC,L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /forums/index.php [L]
</IfModule>
<Files 403.shtml>
order allow,deny
allow from all
</Files>
RewriteCond %{HTTPS} =off
RewriteRule ^ https://www.perspectiverp.com%{REQUEST_URI} [R,L]
RewriteCond %{HTTP_HOST} ^(www\.)?perspectiverp\.com$ [NC]
RewriteRule ^home$ https://www.perspectiverp.com/forums/ [R=301,NC,L
Third attempt Result was "Webpage has Redirect Loop"
RewriteOptions inherit
RewriteEngine on
<IfModule mod_rewrite.c>
Options -MultiViews
RewriteEngine On
RewriteBase /forums/
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule \.(jpeg|jpg|gif|png)$ /forums/public/404.php [NC,L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /forums/index.php [L]
</IfModule>
<Files 403.shtml>
order allow,deny
allow from all
</Files>
RewriteCond %{HTTPS} =off
RewriteRule ^ https://www.perspectiverp.com%{REQUEST_URI} [R,L]
RewriteCond %{HTTP_HOST} ^perspectiverp\.com$ [OR]
RewriteCond %{HTTP_HOST} ^www\.perspectiverp\.com$
RewriteRule ^home$ "https\:\/\/www\.perspectiverp\.com\/forums\/" [R=301,L]
RewriteCond %{HTTP_HOST} ^perspectiverp\.com$ [OR]
RewriteCond %{HTTP_HOST} ^www\.perspectiverp\.com$
RewriteRule ^Home$ "https\:\/\/www\.perspectiverp\.com\/forums\/" [R=301,L]
RewriteCond %{HTTP_HOST} ^perspectiverp\.com$ [OR]
RewriteCond %{HTTP_HOST} ^www\.perspectiverp\.com$
Add the following just before your last three https:// rewrite rules.
RewriteCond %{HTTPS} =off
RewriteRule ^ https://www.perspectiverp.com%{REQUEST_URI} [R,L]
Once everything works as expected change R to R=301 above. Also, notice how the URL in my rewrite rule does not quote and escape any forward slashes as it isn't required.
You can also replace your last three rules with just this one:
RewriteCond %{HTTP_HOST} ^(www\.)?perspectiverp\.com$ [NC]
RewriteRule ^(home)?$ https://www.perspectiverp.com/forums/ [R=301,NC,L]
The NC flag makes the rule case-insensitive so home and Home both will match. The ? makes the preceding group () optional; so the RewriteCond works with both www and without it, and the RewriteRule matches on / as well.
I forced https:// through a reverse proxy server (Cloudflare) and was able to force my website to accept https:// traffic only.
So I have the following code:
ServerName test.com
ServerAlias *.test.com
DocumentRoot /var/www/test.com/public_html
Options All -Indexes
FileETag none
ServerSignature Off
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^(.*)$ http://%1/$1 [R=301,L]
RewriteCond %{ENV:REDIRECT_STATUS} .+
RewriteRule ^ - [L]
RewriteCond %{HTTP_HOST} ^(.*)\.test\.com$ [NC]
RewriteRule ^$ /%1.php [L,NC,QSA]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{HTTP_HOST} ^([^.]+)\.test\.com$ [NC]
RewriteRule ^(.+)/?$ /%1.php?o=$1 [L,NC,QSA]
</IfModule>
On my old server I had this in a .htaccess file (minus the documentroot part) and it worked fine doing this:
sub.test.com -> test.com/sub.php
It still does this correctly, but now that I have moved it into the sites-available config file, if I try to access a file, it breaks and uses that same rule as the file to get:
sub.test.com/file.css -> test.com/sub.php
Is there a way to keep it from doing this? (I tried doing RewriteCond %{REQUEST_FILENAME} !-f and such but it didn't seem to care much about that rule).
Thanks
Inside Apache config try this code:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule ^ http://%1%{REQUEST_URI} [R=301,L]
RewriteCond %{ENV:REDIRECT_STATUS} .+
RewriteRule ^ - [L]
RewriteCond %{HTTP_HOST} ^(.*)\.test\.com$ [NC]
RewriteRule ^/?$ /%1.php [L,NC,QSA]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{HTTP_HOST} ^([^.]+)\.test\.com$ [NC]
RewriteRule ^/?(.+?)/?$ /%1.php?o=$1 [L,NC,QSA]
</IfModule>
Apache config matches a leading slash in RewriteRule unlike htaccess
I have the below code in my .htaccess file, this all works fine.
RewriteEngine On
RewriteCond %{REQUEST_URI} ^(.*)//(.*)$
RewriteRule . %1/%2 [R=301,L]
RewriteRule ^(.*),(.*)$ $2.php?rewrite_params=$1&page_url=$2
RewriteCond %{QUERY_STRING} base64_encode.*(.*) [OR]
RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|[|%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|[|%[0-9A-Z]{0,2})
RewriteRule ^(.*)$ index.php [F,L]
RewriteRule ^stores/([0-9a-z.-]+)/?$ shop.php?shop_id=$1 [L,QSA,NC]
RewriteRule ^stores/([0-9a-z.-]+)/ajax_files/watch_item\.php$ ajax_files/watch_item.php [L,QSA,NC]
RewriteRule ^stores/([0-9a-z.-]+)/ajax_files/save_field\.php$ ajax_files/save_field.php [L,QSA,NC]
RewriteRule ^stores/([0-9a-z.-]+)/images/form-cb-icons\.png$ images/form-cb-icons.png [L,NC]
RewriteRule ^group-break/([0-9]+)/[0-9a-z.-]+/?$ group_break.php?cb_id=$1 [L,NC]
RewriteRule ^group-breaks/([a-z]+)-[a-z-]+/?$ group_breaks.php?tab=$1 [L,NC]
However I'm trying to add a new rule at the bottom which is this:
RewriteRule ^billing/client/login/?$ login.php [L,NC]
However this doesn't appear to work. Not sure if it matters or not but the billing directory also has a .htaccess file which may be overwriting it? The contents of that file are below:
<Files ~ "\.(pdt)$">
order deny,allow
deny from all
</Files>
# Protect against Clickjacking
#Header append X-Frame-Options "SAMEORIGIN"
RewriteEngine on
# Force HTTPS
#RewriteCond %{HTTPS} !=on
#RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=307,NE,L]
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ index.php
RewriteCond %{REQUEST_URI} ^(.*)/install.php$
RewriteRule install.php %1/install/ [R=301,L]
I wanted to put my code in the root .htaccess file as the one inside the billing dir is for other software which may get overwritten.
Can this be done?
Yes your guess is right. If /billing/.htaccess exists with some rewrite rules then you need to add this rule in /billing/.htaccess file:
<Files ~ "\.(pdt)$">
order deny,allow
deny from all
</Files>
# Protect against Clickjacking
#Header append X-Frame-Options "SAMEORIGIN"
RewriteEngine on
# Force HTTPS
#RewriteCond %{HTTPS} !=on
#RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=307,NE,L]
RewriteCond %{REQUEST_URI} ^(.*)/install.php$
RewriteRule install.php %1/install/ [R=301,L]
RewriteRule ^client/login/?$ /login.php [L,NC]
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ index.php [L]
I'm trying to set a site live. The site works perfectly fine on a live dev server which we've been using to show the site to the client. Here is the htaccess from the live dev (works fine):
<IfModule mod_rewrite.c>
Options +FollowSymlinks
RewriteEngine On
#RewriteCond %{HTTPS} !=on
#RewriteCond %{HTTP_HOST} !^www\..+$ [NC]
#RewriteRule ^ http://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
# Rewrite to 'public' folder
RewriteCond %{HTTP_HOST} ^livedev.domain.com$
RewriteCond %{REQUEST_URI} !public/
RewriteRule (.*) public/$1 [L]
</IfModule>
AuthType Basic
AuthName "dev16"
AuthUserFile "/home/site/.htpasswds/public_html/passwd"
require valid-user
And here's the .htaccess from the live site:
<IfModule mod_rewrite.c>
Options +FollowSymlinks
RewriteEngine On
#RewriteCond %{HTTPS} !=on
#RewriteCond %{HTTP_HOST} !^www\..+$ [NC]
#RewriteRule ^ http://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
# Rewrite to 'public' folder
RewriteCond %{HTTP_HOST} ^livesite.co.uk$
RewriteCond %{REQUEST_URI} !public/
RewriteRule (.*) public/$1 [L]
</IfModule>
The 2 are identical except for the HTTP_HOST and the removal of the authentication.
It gives me a generic "Internal Server Error".
I have tried deleting the contents of .htaccess which just gives me page not found so the issue definitely lies in .htaccess.
A total .htaccess virgin, what steps can I take to find the cause of the issue?
Thanks
(It's Laravel 3.2.13)
Use at same level of /public
This way first redirect to public
RewriteEngine on
RewriteCond %{HTTP_HOST} ^domain.com$ [NC,OR]
RewriteCond %{HTTP_HOST} ^www.domain.com$
RewriteCond %{REQUEST_URI} !public/
RewriteRule (.*) /public/$1 [L]
And inside /public
then, you handle index.php
<IfModule mod_rewrite.c>
Options +FollowSymLinks
RewriteEngine On
</IfModule>
<IfModule mod_rewrite.c>
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php/$1 [L]
</IfModule>
I had exactly same setup as RamiroRS answer, but still got Internal Server Error. My problem was in file permissions. Folders should be 0755 and files 0644.