Website security issue:: URL rewrite [closed] - apache

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 8 years ago.
Improve this question
I am wondering is there anyway i could rewrite my urls in .htaccess .My website is proned to hackers due to usage of query string.My current website url structure looks like this:
www.mysite.com/index.php?page=about.php
www.mysite.com/index.php?page=services.php
www.mysite.com/index.php?page=home.php
How can i replace my "index.php?page=" in .htaccess file so that the visitor can only access pages like this : "www.mysite.com/service.php" ,"www.mysite.com/about.php" etc
I would appreciate if you could help me in this regard.

The blanket solution is to do a wildcard match, but this simply does the rewrite and doesn't address security.
RewriteEngine On
RewriteRule ^index.php?page=(.*)$ /$1.php [NC]
To lock things down a bit more, you can be specific in your rewrites:
RewriteEngine On
RewriteRule ^index.php?page=about.php$ /about.php [NC]
RewriteRule ^index.php?page=services.php$ /services.php [NC]
RewriteRule ^index.php?page=home.php$ /home.php [NC]
This method requires a bit more manual intervention, but that could be a workable tradeoff if you do not have many pages. If the number of pages you need to rewrite is unmanageable manually, then you would need to look to supplement this with logic in your PHP scripts.
For a full rundown on how to use Apache rewrite rules, I recommend reading the official documentation.

Related

Is it possible to enable access to a URL without the .html extension but not redirect? (.htaccess) [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 5 years ago.
Improve this question
I know how to redirect all URLs to the version that does not contain the .html extension, but I cannot seem to find how to allow pages to be accessed with and without the .html extension.
To access .html pages without extension, you can use the following rule :
RewriteEngine on
RewriteCond %{REQUEST_FILENAME}.html -f
RewriteRule ^(.*?)/?$ /$1.html [L]
You can also enable muliviews on your server to access all files without using their extensions, to enable multiviews, add the following line to your htaccess
Options +Multiviews

hiding url extensions [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Questions asking us to recommend or find a tool, library or favorite off-site resource are off-topic for Stack Overflow as they tend to attract opinionated answers and spam. Instead, describe the problem and what has been done so far to solve it.
Closed 8 years ago.
Improve this question
I want to hide the extension of file names in my website url, primarily ".php" .
So if a user goes to "www.mysite.com/home.php" then this will show in the url as "www.mysite.com/home".
I am using GoDaddy hosting, it supports Apache and I am using the following .htaccess (rewrite engine) method:
RewriteEngine On
RewriteCond %{REQUEST_FILENAME}.php -f
RewriteCond %{REQUEST_URI} !/$
RewriteRule (.*) $1\.php [L]
I have tried uploading this and it still does not hide the extensions, I have also tried re-pointing my URLs from <a hrefe="home.php"> to <a href="home">.
I have tried keeping the files on my server as "home.php" and tried removing the ".php" so it's just "home".
Whatever I do I cannot get this to work.
Please can someone show me a way of doing this?
Remove the \. Replacement values are not regexes.

Generating a subdomain wrecks url's with IP? [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Closed 8 years ago.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
This question does not appear to be about programming within the scope defined in the help center.
Improve this question
On my site until today these 2 URLS gave me the same result:
www.mysite.com/test.jpg
10.10.10.10/test.jpg
(where 10.10.10.10 is my static IP address)
Today I used cPanel to generate a new subdomain (blog.mysite.com) and since then
10.10.10.10/test.jpg
resolves to
www.mysite.com/blog/test.jpg
(which doesn't exist)
My ISP tech support says that by default any new subdomain comes on top in the apache conf file, so by making a new subdomain it gets inserted when calling URLs by IP.
What would be the best way to get back to the original functionality?
I can't edit the server conf files but can edit my own htaccess.
You can use mod_rewrite. Try placing this in an .htaccess file in your document root (for the blog.mysite.com site)
RewriteEngine On
RewriteCond %{HTTP_HOST} ^10.10.10.10$
RewriteRule ^(.*)$ http://www.mysite.com/$1 [R=301,L]
Or replace the R=301 flag with P if you really don't want to redirect the browser.

Redirect subdomain with www. to without www [closed]

Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 11 years ago.
Improve this question
I know there are a lot of such questions, but I could not find a suitable answer.
I am on a shared shell with web hosting.
I have a subdomain- "xyz.abc.com".
The problem is that when I type an extra "www." preceding it i.e. "www.xyz.abc.com", it redirects to the root website which hosts the shell i.e. "www.abc.com" instead of opening "xyz.abc.com".
I had contacted the admin. and he said that he cannot change the redirection settings as he will have to rewrite 2000 lines of APACHE server code.
I tried changing the .htaccess file in my public_html directory i.e "/home/usr/public_html/.htaccess" to include this:
RewriteEngine On
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule ^(.*)$ http://%1/$1 [R=301,L]
This does not help.
I tried adding a .htaccess at "/home/usr/.htaccess". This too does not work.
I cannot add any files at "/home".
Is there any easy way for the admin. to change this redirection problem.
Most people tend to add a "www." before any web address.
The default virtual host (in this case, apparently abc.com's main site) will be the one that answers for domains the server gets requests for but doesn't know about. In your case, the server knows that xyz.abc.com goes to your site. However, it's never heard of www.xyz.abc.com. And since it hasn't, the request goes to the default site, which probably does its own 301 to bounce to the site it expects to be (which is apparently www.abc.com).
In order to fix this, assuming the host isn't willing to modify their own web site for you (and of course, assuming that the domain name www.xyz.abc.com points to the same server as xyz.abc.com), someone needs to add www.xyz.abc.com or *.xyz.abc.com to the list of domain aliases for your site. If the server was set up decently for hosting, that's one line (ServerAlias *.xyz.abc.com) in the configuration for that site. 2000 lines amounts to an Apache config for an entire small-to-medium-capacity web server, including a dozen or so individual name-based virtual hosts. If the admin was not exaggerating, then they're basically telling you that that server is not set up for real, business-grade web hosting -- they're probably doing a cheesy mass-vhost thing that can't be tailored for individual users.
If you can't get the admin to fix up the server aliases for you, one alternative would be to acquire yourself a domain from a registrar that offers "URL forwarding". When set up properly, that'd point your domain at a site that simply redirects to xyz.abc.com. That's kinda ugly, but it works as long as all the links within your site go to xyz.abc.com (some URL forwarders might not pay attention to the resource part of the URL, and might redirect everything to /). And it doesn't require the admin to do anything.

Redirect all requests to a certain folder using .htaccess [closed]

Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 10 years ago.
Improve this question
I really need some help on a HTACCESS file - if someone could help me it would be very much appreciated.
All I want to do is redirect any request to the folder /test/
So if you go to my website http://www.example.com, I want it to auto-redirect via the HTACCESS file to /test/ directory!
Every time I try to do it, it causes a redirect loop! Help! :(
If anyone has any idea of how exactly I could do this it would be much appreciated.
Thanks for you're help.
Please note: I am trying to redirect from one website to the same website but just in a different folder. i.e. I want example.com to redirect to example.com/test/
RewriteCond %{REQUEST_URI} !=/test
RewriteRule ^ /test [R=301]
redirect / http://www.expample.com/test/