I am developing a tool and I'm stuck at this point: I want to define a set of rules for each directory, basically I want only 'Public' folder avaible, and to deny access to other folders.
My directoy structure is
uapi(root)/
Application
Config
Public/
Index.php
Storage
.htaccess
and here is .htaccess file
<Directory /Public>
Order Deny, Allow
Allow from all
<IfModule mod_rewrite.c>
Options +FollowSymLinks
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ Index.php/$1 [L]
</IfModule>
</Directory>
<Directory /Config>
Order Deny, Allow
Deny from all
</Directory>
<Directory /Application>
Order Deny, Allow
Deny from all
</Directory>
<Directory /Storage>
Order Deny, Allow
Deny from all
</Directory>
As this doc page says, you cannot use the <Directory> directive inside htaccess, but only inside server conf files.
This is not a problem in your case anyway: you can store one .htaccess file inside each directory, eg. create these files:
Public/.htaccess
Order Deny, Allow
Allow from all
<IfModule mod_rewrite.c>
Options +FollowSymLinks
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ Index.php/$1 [L]
</IfModule>
/Config/.htaccess
Order Deny, Allow
Deny from all
/Application/.htaccess
Order Deny, Allow
Deny from all
/Storage/.htaccess
Order Deny, Allow
Deny from all
You can do all that using mod_rewrite itself from your main DOCUMENT_ROOT/.htaccess file. Use this code:
Options +FollowSymLinks -MultiViews
# Turn mod_rewrite on
RewriteEngine On
RewriteBase /
RewriteRule ^(Application|Storage)(/.*|)$ - [NC,F]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-l
RewriteRule ^Public/(.*)$ /Public/Index.php/$1 [L,NC]
This code will throw Forbidden error for all the requests for /Storage/* or /Application/* but will let /Public/* be handled by /Public/index.php.
For Apache httpd server 2.4 you can do that in this way:
In httpd.conf or in a .conf file in httpd/conf.d/ dir.
<Directory "/uapi/">
Require all denied
</Directory>
<Directory "/uapi/public">
Require all granted
</Directory>
I tested this config. The reference is here.
You should be able to do this in .htaccess files too, if you don't have access to the Apache config files.
That would be, in /uapi/.htaccess:
Require all denied
and in /uapi/Public/.htaccess
Require all granted
As mentioned above, you can't use inside an .htaccess file. From Apache docs:
Note that unlike <Directory> and <Location> sections, <Files> sections can be used inside .htaccess files.
More general documentation:
https://httpd.apache.org/docs/2.4/howto/access.html
Related
With Reference htaccess RewriteRule redirecting to parent directory?
Thank you Francesco Casula, your answer was very helpful, application now redirects from one document root to other. I am facing infinite redirects issue.
I have following repositories with different version.
/var/www/portal/version/1.1.1/public/ binded with (api.somedomain.com)
/var/www/portal/version/1.1.2/public/
/var/www/portal/version/1.1.3/public/
/var/www/portal/version/1.1.4/public/
I want to execute api in following order (by version)
api.somedomain.com/qr ---> /var/www/portal/version/1.1.1/public/
api.somedomain.com/v2/qr ---> /var/www/portal/version/1.1.2/public/
api.somedomain.com/v3/qr ---> /var/www/portal/version/1.1.3/public/
api.somedomain.com/v4/qr ---> /var/www/portal/version/1.1.4/public/
My httpd.conf is
AliasMatch ^/v2/(.*)$ "/var/www/portal/version/1.1.2/public/"
<Directory "/var/www/portal/version/1.1.2/public">
Options Indexes FollowSymLinks MultiViews
AllowOverride all
Order allow,deny
Allow from all
</Directory>
.
.
AliasMatch ^/v4/(.*)$ "/var/www/portal/version/1.1.4/public/"
<Directory "/var/www/portal/version/1.1.4/public">
Options Indexes FollowSymLinks MultiViews
AllowOverride all
Order allow,deny
Allow from all
</Directory>
and .htaccess in /var/www/portal/version/1.1.4/public/ contains
<IfModule mod_negotiation.c>
Options -MultiViews
</IfModule>
RewriteEngine On
# Redirect Trailing Slashes...
RewriteRule ^(.*)/$ /$1 [L,R=301]
RewriteCond %{REQUEST_URI} ^/v2/(.*)$
RewriteRule ^(.*)$ v2/index.php [QSA,L] # p2 is the symlink name!
# Handle Front Controller...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]
</IfModule>
When I hit https://api.somedomain.com/v2/invitebysms
I get too many redirects error and browser shows
https://api.somedomain.com/v2/invitebysms/index.php/index.php/index.php/index.php/index.php/index.php/index.php/index.php/index.php/index.php/index.php/index.php/index.php/index.php/index.php/index.php/index.php/index.php/index.php/index.php/
I think what you're going for is the following:
Alias /v4/ /var/www/portal/version/1.1.4/public/
<Directory /var/www/portal/version/1.1.4/public/>
Require all granted
FallbackResource /v4/index.php
</Directory>
In as far as I understand what you're trying to accomplish, the above, in your server config (delete the .htaccess file entirely) will do what you want. (Repeat for v2, v3, and so on.)
I am assuming here that you're running at least 2.2.16 or later, and preferably 2.4. If not, let me know, and we'll try again.
this htaccess code work genially on old server, but on new is work perfectly without last RewriteRule. After put adress in web explorer for example sub.domain.com it load index.php. It may be by wrong setting of Apache? Or other?
Thanks a lot
RewriteEngine on
RewriteBase /
RewriteCond %{HTTP_HOST} ^domain\.com
RewriteRule ^hra/([0-9]+)/?$ /game2.php?id=$1 [L,QSA]
RewriteCond %{HTTP_HOST} ^sub\.domain\.com [NC]
RewriteRule ^$ /nacitanie.php [L]
in file 000-default.conf on new server in sites-enabled is part of enabling htaccess:
<Directory /home/juraj/WWW>
Options FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>
in apache.conf on new server is part about htaccess too:
<Directory /home/juraj/WWW>
Options Indexes FollowSymLinks
AllowOverride All
Require all granted
</Directory>
The error was in condition of last RewriteRule, where in regular condition on new server must be added option with index.php
RewriteCond %{HTTP_HOST} "^sub\.domain\.com"
RewriteRule "^(index\.php|\?)$" "/nacitanie.php" [L,QSA]
I have player names working from the root directory something.com/username I also have an ID working to load a profile form ID instead something.com/id/1234, But I also want to be able to load my pages from index.php?page=about from something.com/about There are only about 6-10 pages, so I could create these manually in the htaccess.
I also need my search page to work with parameters something.com/search/searchterms
This is my current htaccess file.
# BEGIN Pretty Url's
Options -Indexes
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
#Rewrite all urls to use slash at the end.
#RewriteRule ^(.*[^/])$ ./$1/ [L,R=301]
RewriteRule ^([_A-Z0-9a-z-+\.]+)/?$ ./pages/player.php?p=$1 [L]
RewriteRule ^id/([_0-9-+\.]+)/?$ ./pages/player.php?id=$1 [L]
# END Pretty Url's
# BEGIN Security Features
# Deny config.php
<files config.php>
order allow,deny
deny from all
</files>
# Deny all .hta* files
<files ~ "^.*\.([Hh][Tt][Aa])">
order allow,deny
deny from all
satisfy all
</files>
# Deny access to version file
<files inc/version.php>
order allow,deny
deny from all
satisfy all
</files>
# Deny access to security file
<files inc/security.php>
order allow,deny
deny from all
satisfy all
</files>
# END Security Features
Just add them all above the rules you already have:
RewriteEngine On
RewriteRule ^(about|page1|page2|etc)$ /index.php?page=$1 [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^([_A-Z0-9a-z-+\.]+)/?$ ./pages/player.php?p=$1 [L]
RewriteRule ^id/([_0-9-+\.]+)/?$ ./pages/player.php?id=$1 [L]
Assuming the list of pages that you have is "about", "page1", "page2", and "etc". Note that doing something like this means you have have player names that are the same as your page names.
I am using apache2 (my dummy server) which is already install with my Debian. Every thing goes fine, but now the problem with my .htaccess
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-l
RewriteRule ^(.*)$ index.php?url=$1 [QSA,L]
It's not working
I think its because of apache2 version which am I using & maybe problems with my code or something I have to config on my server
I want to redirect my url to main index page if its a wrong entry or unavailable
After spending a whole day, I got my answer
In Folder
apache2>>sites-available>> There is file called default
In default we have to change it
From:
<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>
TO:
<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>
Its working. It's enabled use of .htaccess files.
I'd like to add that /etc/apache2/mods-available/rewrite.load needs to be enabled:
a2enmod rewrite
On Debian I thought it was enabled by default, but mine wasn't.
This code:
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-l
RewriteRule ^(.*)$ /index.php?url=$1 [QSA,R]
will redirect http://example.com/test.php to http://example.com/index.php?url=test.php if the file doesn't exist. The only difference between my code here and your one is I have [R] instead of [QSA,L] If it still doesn't work for you and you have the htaccess file in the root folder then, I don't think it's a htaccess file problem
Important to note that AllowOverride only works in <Directory> directives and will be ignored if placed inside <Location ...> section; this was my issue and it took me for a nice ride.
Only available in sections AllowOverrideList is valid only
in sections specified without regular expressions, not in
, or sections.
https://httpd.apache.org/docs/2.4/mod/core.html#allowoverride
I just installed an Ubuntu web server with apache2. I upload a CakePHP project. I also activated rewrite_mod.
# sudo a2enmod rewrite
When navigating to www.mysite.ch/pierre/contacts it states:
Not found
The requested URL /contacts was not found on this server.
In my local webserver, it works and I can see the contact page
If I remove my project and add a file phpinfo.php with the function phpinfo(), it show information about the server configuration and I do not have a message "not found"
I suspect that my redirection does not work.
What do you think?
Which are the basic step to make an Apache2 server working with an .htaccess file?
Here are is my .htaccess file (it is the default cakephp file, I have not changed it)
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteRule ^$ app/webroot/ [L]
RewriteRule (.*) app/webroot/$1 [L]
</IfModule>
Here is my httpd_conf file
<Directory /var/www/vhosts/metauxch/httpdoc>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order Allow,Deny
allow from All
</Directory>
Alias /pierre /var/www/vhosts/pierre/httpdoc
<Directory /var/www/vhosts/pierre/httpdoc>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order Allow,Deny
allow from All
</Directory>
Do you have some idea?
Change AllowOverride None to AllowOverride All in httpd_conf file
Enable mode rewrite,
sudo a2enmod rewrite
restart apache,
sudo /etc/init.d/apache2 restart
I am sorry, I forgetten to write but I did it
sudo a2enmod rewrite
sudo servive apache2 restart
This is done.
I also change this AllowOverride All
The probleme, now is when I enter
http://eflumpc38.epfl.ch/pierre/contacts
It state that te controller pierre (CakePHP) is missing. While pierre is the root and contacts is the controller.
Second point, when I clink on the Contact (root/contacts/)
I have a such URL
http://eflumpc38.epfl.ch/vhosts/pierre/httpdoc/contacts
instead of
http://eflumpc38.epfl.ch/pierre/contacts
Does some thing is wrong here
Alias /pierre /var/www/vhosts/pierre/httpdoc
<Directory /var/www/vhosts/pierre/httpdoc>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order Allow,Deny
allow from All
</Directory>
When I upload the same CakePHP projet on my usual provider, I do not have this issue.
Thank
try this solution.
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteRule ^$ /app/webroot/ [L]
RewriteRule (.*) /app/webroot/$1 [L]
</IfModule>
CakePHP app directory (will be copied to the top directory of your application by bake):
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteRule ^$ /webroot/ [L]
RewriteRule (.*) /webroot/$1 [L]
</IfModule>
CakePHP webroot directory (will be copied to your application’s web root by bake):
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ /index.php [QSA,L]
</IfModule>