apache not loading htaccess - apache

I'm trying to get Apache to recognize the htaccess file at the root of my Drupal website but no matter what settings I try, it is simply ignored. The mod_rewrite module is loaded, AllowOverride is set to All and all paths are correct. The htaccess file has the most basic settings I could find but it doesn't matter because it still doesn't work if I fill it with garbage text. I've scoured the web trying to find answers but nothing has worked yet. Any ideas you may have would be helpful. I'm running CentOS 6.3 with Apache 2.2.15 and Drupal 7.
Here is the .htaccess file:
</IfModule>
# Various rewrite rules.
<IfModule mod_rewrite.c>
RewriteEngine on
# If you do not have mod_rewrite installed, you should remove these
# directories from your webroot or otherwise protect them from being
# downloaded.
RewriteRule "(^|/)\." - [F]
# Pass all requests not referring directly to files in the filesystem to
# index.php. Clean URLs are handled in drupal_environment_initialize().
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !=/favicon.ico
RewriteRule ^ index.php [L]
# Rules to correctly serve gzip compressed CSS and JS files.
# Requires both mod_rewrite and mod_headers to be enabled.
<IfModule mod_headers.c>
# Serve gzip compressed CSS files if they exist and the client accepts gzip.
RewriteCond %{HTTP:Accept-encoding} gzip
RewriteCond %{REQUEST_FILENAME}\.gz -s
RewriteRule ^(.*)\.css $1\.css\.gz [QSA]
# Serve gzip compressed JS files if they exist and the client accepts gzip.
RewriteCond %{HTTP:Accept-encoding} gzip
RewriteCond %{REQUEST_FILENAME}\.gz -s
RewriteRule ^(.*)\.js $1\.js\.gz [QSA]
# Serve correct content types, and prevent mod_deflate double gzip.
RewriteRule \.css\.gz$ - [T=text/css,E=no-gzip:1]
RewriteRule \.js\.gz$ - [T=text/javascript,E=no-gzip:1]
<FilesMatch "(\.js\.gz|\.css\.gz)$">
# Serve correct encoding type.
Header set Content-Encoding gzip
# Force proxies to cache gzipped & non-gzipped css/js files separately.
Header append Vary Accept-Encoding
</FilesMatch>
</IfModule>
</IfModule>
Thanks,
-Dave

Related

htacess force to https protocol

I have a htaccess file that is forcing http:// connections to https:// however if the user happens to come along to my site at http://example.com/some-page instead of redirect to the same url but on https:// it redirects the user to the home page on a https connection why is this?
Below is my .htaccess,
#
# Apache/PHP/Drupal settings:
#
# Protect files and directories from prying eyes.
<FilesMatch "\.(engine|inc|info|install|make|module|profile|test|po|sh|.*sql|theme|tpl(\.php)?|xtmpl)(~|\.sw[op]|\.bak|\.orig|\.save)?$|^(\..*|Entries.*|Repository|Root|Tag|Template)$|^#.*#$|\.php(~|\.sw[op]|\.bak|\.orig\.save)$">
Order allow,deny
</FilesMatch>
# Don't show directory listings for URLs which map to a directory.
Options -Indexes
# Follow symbolic links in this directory.
Options +FollowSymLinks
# Make Drupal handle any 404 errors.
ErrorDocument 404 /index.php
# Set the default handler.
DirectoryIndex index.php index.html index.htm
# Override PHP settings that cannot be changed at runtime. See
# sites/default/default.settings.php and drupal_environment_initialize() in
# includes/bootstrap.inc for settings that can be changed at runtime.
# PHP 5, Apache 1 and 2.
<IfModule mod_php5.c>
php_flag magic_quotes_gpc off
php_flag magic_quotes_sybase off
php_flag register_globals off
php_flag session.auto_start off
php_value mbstring.http_input pass
php_value mbstring.http_output pass
php_flag mbstring.encoding_translation off
</IfModule>
# Requires mod_expires to be enabled.
<IfModule mod_expires.c>
# Enable expirations.
ExpiresActive On
# Cache all files for 2 weeks after access (A).
ExpiresDefault A1209600
<FilesMatch \.php$>
# Do not allow PHP scripts to be cached unless they explicitly send cache
# headers themselves. Otherwise all scripts would have to overwrite the
# headers set by mod_expires if they want another caching behavior. This may
# fail if an error occurs early in the bootstrap process, and it may cause
# problems if a non-Drupal PHP file is installed in a subdirectory.
ExpiresActive Off
</FilesMatch>
</IfModule>
# Various rewrite rules.
<IfModule mod_rewrite.c>
RewriteEngine on
# Set "protossl" to "s" if we were accessed via https://. This is used later
# if you enable "www." stripping or enforcement, in order to ensure that
# you don't bounce between http and https.
RewriteRule ^ - [E=protossl]
RewriteCond %{HTTPS} on
RewriteRule ^ - [E=protossl:s]
# Make sure Authorization HTTP header is available to PHP
# even when running as CGI or FastCGI.
RewriteRule ^ - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
# Block access to "hidden" directories whose names begin with a period. This
# includes directories used by version control systems such as Subversion or
# Git to store control files. Files whose names begin with a period, as well
# as the control files used by CVS, are protected by the FilesMatch directive
# above.
#
# NOTE: This only works when mod_rewrite is loaded. Without mod_rewrite, it is
# not possible to block access to entire directories from .htaccess, because
# <DirectoryMatch> is not allowed here.
#
# If you do not have mod_rewrite installed, you should remove these
# directories from your webroot or otherwise protect them from being
# downloaded.
RewriteRule "(^|/)\." - [F]
# If your site can be accessed both with and without the 'www.' prefix, you
# can use one of the following settings to redirect users to your preferred
# URL, either WITH or WITHOUT the 'www.' prefix. Choose ONLY one option:
#
# To redirect all users to access the site WITH the 'www.' prefix,
# (http://example.com/... will be redirected to http://www.example.com/...)
# uncomment the following:
RewriteCond %{HTTP_HOST} .
RewriteCond %{HTTP_HOST} !^www\. [NC]
RewriteRule ^ https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
#
# To redirect all users to access the site WITHOUT the 'www.' prefix,
# (http://www.example.com/... will be redirected to http://example.com/...)
# uncomment the following:
# RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
# RewriteRule ^ https://%1%{REQUEST_URI} [L,R=301]
# Modify the RewriteBase if you are using Drupal in a subdirectory or in a
# VirtualDocumentRoot and the rewrite rules are not working properly.
# For example if your site is at http://example.com/drupal uncomment and
# modify the following line:
# RewriteBase /drupal
#
# If your site is running in a VirtualDocumentRoot at http://example.com/,
# uncomment the following line:
# RewriteBase /
# Pass all requests not referring directly to files in the filesystem to
# index.php. Clean URLs are handled in drupal_environment_initialize().
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !=/favicon.ico
RewriteRule ^ index.php [L]
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
# Rules to correctly serve gzip compressed CSS and JS files.
# Requires both mod_rewrite and mod_headers to be enabled.
<IfModule mod_headers.c>
# Serve gzip compressed CSS files if they exist and the client accepts gzip.
RewriteCond %{HTTP:Accept-encoding} gzip
RewriteCond %{REQUEST_FILENAME}\.gz -s
RewriteRule ^(.*)\.css $1\.css\.gz [QSA]
# Serve gzip compressed JS files if they exist and the client accepts gzip.
RewriteCond %{HTTP:Accept-encoding} gzip
RewriteCond %{REQUEST_FILENAME}\.gz -s
RewriteRule ^(.*)\.js $1\.js\.gz [QSA]
# Serve correct content types, and prevent mod_deflate double gzip.
RewriteRule \.css\.gz$ - [T=text/css,E=no-gzip:1]
RewriteRule \.js\.gz$ - [T=text/javascript,E=no-gzip:1]
<FilesMatch "(\.js\.gz|\.css\.gz)$">
# Serve correct encoding type.
Header set Content-Encoding gzip
# Force proxies to cache gzipped & non-gzipped css/js files separately.
Header append Vary Accept-Encoding
</FilesMatch>
</IfModule>
</IfModule>
# Add headers to all responses.
<IfModule mod_headers.c>
# Disable content sniffing, since it's an attack vector.
Header always set X-Content-Type-Options nosniff
</IfModule>
AddType x-httpd-php7 .php
Modify your HTTP to HTTPS rule:
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
to this:
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]
or this:
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
This is my go to code. I put right under RewriteRule ^ - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}].
# Force SSL
# Source: https://stackoverflow.com/questions/26620670
RewriteCond %{HTTP:X-Forwarded-Proto} !https
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301,NE]

How to enable simple compression with mod_deflate/gzip on Apache within .htaccess

I have the following .htaccess file for my website which is hosted on a Linux, Apache and PHP 5.4.41 stack:
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
The following PHP 5.4.41 functionality is available to me on this server as shown here in the PHP info file:
http://88.208.252.229/phpinfo.php
I'm trying to optimise the website so that output from the server is compressed before being sent to the client over the network.
Now I believe this achieved with mod_deflate - The problem is that I don't know how to implement this in the .htaccess file.
In it's most simple form could I not enable compression for HTML files by making my overall .htaccess file look like this? I'm assuming the "/your-server-root/manual" would most likely be htdocs.
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
<Directory "/your-server-root/manual">
AddOutputFilterByType DEFLATE text/html
</Directory>
The final thing to mention that my server would be pre-processing a wide range of files and delivering them to the client such as .jpeg, .html etc. So I would want the mod_deflate to compress as much as reasonably possible.
If anyone can take the time to answer this and increase my understanding of the issue it would be very much appreciated. Thanks in advance.

php-fpm - How to execute certain symlinks as PHP scripts

I am running Apache 2.2 with FastCGI and php-fpm. I am trying to duplicate the following logic:
<FilesMatch "^(admin|api|app)?(_dev)?$">
#ForceType application/x-httpd-php
SetHandler php-fcgi
</FilesMatch>
Which allows me to symlink admin.php as admin, so I can remove the .php extension. It seems the only way to do this with php-fpm is to set the security.limit_extension of the www.conf file to empty, however, as the comments indicate, this is a pretty big security hole, in that php code can now be executed from within any file, regardless of extension.
What would be the preferred way to accomplish the above, but still maintain some semblance of security?
Looks like the best solution so far is to manually add the known symlinks to the list (located in /etc/php-fpm.d/www.conf):
security.limit_extension php admin admin_dev api api_dev app app_dev
Not sure if security.limit_extension directive can even take a regex, doesn't look like it, so this is about as good as it gets. As mentioned in the OP, you will still have to maintain the filesmatch directive in the vhost config as well:
<FilesMatch "^(admin|api|app)?(_dev)?$">
SetHandler php-fcgi
</FilesMatch>
-- Update --
Per the comments by tftd, adding current rewrite directive:
RewriteBase /
# we skip all files with .something
RewriteCond %{REQUEST_URI} \..+$
RewriteCond %{REQUEST_URI} !\.html$
RewriteRule .* - [L]
# we check if the .html version is here (caching)
RewriteRule ^$ index.html [QSA]
RewriteRule ^([^.]+)$ $1.html [QSA]
RewriteCond %{REQUEST_FILENAME} !-f
# no, so we redirect to our front web controller
RewriteRule ^(.*)$ index.php [QSA,L]
#Mike, based on your updated answer, something similar to this .htaccess file should be able to handle what you're trying to do:
# Enable the rewrite engine
RewriteEngine on
# Set the rewrite base path (i.e. if this .htaccess will be running at root context "/" or a subdir "/path")
RewriteBase /
# If the file exists, process as usual.
RewriteCond %{REQUEST_FILENAME} -f
RewriteRule .* - [NC,L]
# If the dir exists, process as usual (if you don't need this, just comment/remove the next two lines).
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule .* - [NC,L]
# If (requested_file_name).html exists, rewrite to that file instead.
RewriteCond %{REQUEST_FILENAME}\.html -f
RewriteRule ^(.*)$ $1.html [QSA,L]
# If (requested file name).php exists, rewrite to that file instead.
RewriteCond %{REQUEST_FILENAME}\.php -f
RewriteRule ^(.*)$ $1.html [QSA,L]
# If none of the above rules were triggered, fallback to index.php.
RewriteRule ^(.*)$ index.php [QSA,L]
With a bit of tweaking this should be able to do the job without the need of having to dive into httpd.conf and the <VirtualHost> nor <FilesMatch> directives. Hope this helps.

.htaccess How to redirect root URL to subdirectory files, rewrite to clean URL AND not affect subdomains?

Haven't been able to find what I'm looking for in .htaccess QA's on here so forgive me if this is duplicate. I have the following problem with a static HTML site. Structure is below.
My relative paths in info.html and contact.html have to use /home/css/style.css while index.html uses /css/style.css. Thanks for help.
Root
- .htaccess
↳ Drupal
- .git
↳ Dev
- .git
↳ Home
- .htaccess
- .git
- css
- js
- img
- info.html
- contact.html
- index.html
Goal
Dev.example.com to use all the files from /Dev
example.com to use all the files from example.com/home
example.com/info to redirect from example.com/home/info.html.
example.com/contact to redirect from example.com/home/contact.html.
What I've tried so far
in root .htaccess
# Set a default home directory, (this subfolder always loads)
# RewriteEngine On
# RewriteCond %{THE_REQUEST} ^GET\ /home/
# # RewriteCond %{HTTP_HOST} ^(www\.)?example.com$
# RewriteRule ^home/(.*) /$1 [L,R=301]
# RewriteCond %{HTTP_HOST} ^(www\.)?example.com$
# RewriteRule !^home/ home%{REQUEST_URI} [L]
Options -Indexes
ErrorDocument 404 /missing.html
# compress text, html, javascript, css, xml:
AddOutputFilterByType DEFLATE text/html text/plain text/xml application/xml application/xhtml+xml text/javascript text/css application/x-javascript
BrowserMatch ^Mozilla/4 gzip-only-text/html
BrowserMatch ^Mozilla/4.0[678] no-gzip
BrowserMatch bMSIE !no-gzip !gzip-only-text/html
<FilesMatch "\.(htm|html|css|js)$">
AddDefaultCharset UTF-8
</FilesMatch>
RedirectMatch 404 "(?:.*)/(?:\.git|file_or_dir)(?:/.*)?$"
# remove .html from html file names
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule .*[^/]$ %{REQUEST_URI}/ [L,R=301]
RewriteCond %{REQUEST_FILENAME}.html -f
RewriteRule ^(.+)/$ $1.html [L]
And in Root/drupal .htaccess
default drupal stuff
Closest answers I could find on SO:
.htaccess rewrite to redirect root URL to subdirectory
Changing all my website links: what is the best way?
Redirecting root of site to subdirectory using .htaccess
htaccess subdirectory URLS to root
EDIT: I ended up following, partially, the advice given because I have separate git repos per subdirectory. Thanks #Jon Lin and #tttony!
New problem: My .htaccess in root doesn't let me view my drupal installation in subfolder.
Drupal.examples.com uses all the drupal files from /Drupal**
The easiest thing to do, by far, is just make home your document root and not have to worry about having a subdirectory.
But for what you have to work, the first thing you need to do is route everything to /home and not just the / request:
RewriteEngine On
RewriteRule ^(.*)$ /home/$1 [L]
Secondly, this condition:
RewriteCond %{REQUEST_FILENAME}.html -f
will always fail if you have a trailing slash, since it'll try to check for files that look like this:
/home/contact/.html
Try this instead:
# remove .html from html file names
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule .*[^/]$ %{REQUEST_URI}/ [L,R=301]
RewriteCond %{REQUEST_URI} ^/(.*)/$
RewriteCond %{DOCUMENT_ROOT}/home/%1.html -f
RewriteRule ^(.+)/$ $1.html [L]
I've had that issues with sub-folders, you can try use RewriteBase in your root .htaccess
RewriteEngine On
RewriteBase /home/
But I found that it's better to use just one .htaccess file in the root folder
# remove .html from html file names
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule .*[^/]$ %{REQUEST_URI} [L,R=301]
RewriteCond home/%{REQUEST_FILENAME}.html -f
RewriteRule ^(.+)$ home/$1.html [L]

Url rewrite subfolder to root and forbid accessing subfolder

I have drupal installed in a subfolder drupal, but I want to access pages as it is in root folder: http://www.example.com instead of http://www.example.com/drupal
I'm able to have this working, but it's also working with url containing subfolder, so I have http://www.example.com and a clone site in http://www.example.com/drupal
What is the rule to forbid access to subfolder?
I want all url starting with http://www.example.com/drupal being forbidden.
This is .htaccess in / directory:
Options -Indexes
Options +FollowSymLinks
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule ^ http://%1%{REQUEST_URI} [L,R=301]
RewriteRule ^(.*+)$ drupal/$1 [L,QSA]
</IfModule>
And this is drupal .htaccess in /drupal/ directory:
Options -Indexes
Options +FollowSymLinks
ErrorDocument 404 index.php
DirectoryIndex index.php index.html index.htm
# Override PHP settings that cannot be changed at runtime. See
# sites/default/default.settings.php and drupal_initialize_variables() in
# includes/bootstrap.inc for settings that can be changed at runtime.
# PHP 5, Apache 1 and 2.
<IfModule mod_php5.c>
php_flag magic_quotes_gpc off
php_flag magic_quotes_sybase off
php_flag register_globals off
php_flag session.auto_start off
php_value mbstring.http_input pass
php_value mbstring.http_output pass
php_flag mbstring.encoding_translation off
</IfModule>
# Requires mod_expires to be enabled.
<IfModule mod_expires.c>
# Enable expirations.
ExpiresActive On
# Cache all files for 2 weeks after access (A).
ExpiresDefault A1209600
<FilesMatch \.php$>
# Do not allow PHP scripts to be cached unless they explicitly send cache
# headers themselves. Otherwise all scripts would have to overwrite the
# headers set by mod_expires if they want another caching behavior. This may
# fail if an error occurs early in the bootstrap process, and it may cause
# problems if a non-Drupal PHP file is installed in a subdirectory.
ExpiresActive Off
</FilesMatch>
</IfModule>
# Various rewrite rules.
<IfModule mod_rewrite.c>
RewriteEngine on
# Block access to "hidden" directories whose names begin with a period. This
# includes directories used by version control systems such as Subversion or
# Git to store control files. Files whose names begin with a period, as well
# as the control files used by CVS, are protected by the FilesMatch directive
# above.
RewriteRule "(^|/)\." - [F]
# To redirect all users to access the site WITH the 'www.' prefix,
# (http://example.com/... will be redirected to http://www.example.com/...)
# uncomment the following:
# RewriteCond %{HTTP_HOST} !^www\. [NC]
# RewriteRule ^ http://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
#
# To redirect all users to access the site WITHOUT the 'www.' prefix,
# (http://www.example.com/... will be redirected to http://example.com/...)
# uncomment the following:
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule ^ http://%1%{REQUEST_URI} [L,R=301]
RewriteBase /drupal
# Pass all requests not referring directly to files in the filesystem to
# index.php. Clean URLs are handled in drupal_environment_initialize().
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !=/favicon.ico
#RewriteRule ^ index.php [L]
RewriteRule ^(.*)$ index.php?q=$1 [L,QSA]
# Rules to correctly serve gzip compressed CSS and JS files.
# Requires both mod_rewrite and mod_headers to be enabled.
<IfModule mod_headers.c>
# Serve gzip compressed CSS files if they exist and the client accepts gzip.
RewriteCond %{HTTP:Accept-encoding} gzip
RewriteCond %{REQUEST_FILENAME}\.gz -s
RewriteRule ^(.*)\.css $1\.css\.gz [QSA]
# Serve gzip compressed JS files if they exist and the client accepts gzip.
RewriteCond %{HTTP:Accept-encoding} gzip
RewriteCond %{REQUEST_FILENAME}\.gz -s
RewriteRule ^(.*)\.js $1\.js\.gz [QSA]
# Serve correct content types, and prevent mod_deflate double gzip.
RewriteRule \.css\.gz$ - [T=text/css,E=no-gzip:1]
RewriteRule \.js\.gz$ - [T=text/javascript,E=no-gzip:1]
<FilesMatch "(\.js\.gz|\.css\.gz)$">
# Serve correct encoding type.
Header append Content-Encoding gzip
# Force proxies to cache gzipped & non-gzipped css/js files separately.
Header append Vary Accept-Encoding
</FilesMatch>
</IfModule>
</IfModule>
It looks like you're rewriting stuff to the /drupal/ directory, so you don't want to completely forbid access, otherwise going to http://www.example.com will be denied because it gets rewritten to /drupal. I'm assuming you want to disable requests that are directed to the drupal directory, so you'd need to add this somewhere:
RewriteCond %{THE_REQUEST} ^([A-Z]{3,9})\ /drupal/
RewriteRule ^drupal - [F,L]
Adding this to the top of the .htaccess (just under RewriteEngine On) in your document root should be sufficient. If not, try adding it to the one in your drupal directory (just under RewriteEngine On).
I solved this adding these two lines after RewriteEngine on in /drupal/.htaccess:
# deny access to url starting with /drupal/
RewriteCond %{THE_REQUEST} ^([A-Z]{3,9})\ /drupal/
RewriteRule .* - [F,L]
Using R=403 avoids problems with drupal "not found" handler: ErrorDocument 404 drupal/index.php
Try to change this in your .htaccess in / directory:
Options -Indexes
Options +FollowSymLinks
<IfModule mod_rewrite.c>
RewriteEngine On
# if access is straight to drupal (= no rewrite rule)
# notify in query string:
RewriteRule (drupal/(.*)) $1?straight=1 [QSA]
RewriteRule ^(.*+)$ drupal/$1 [L,QSA]
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule ^ http://%1%{REQUEST_URI} [L,R=301]
RewriteRule ^(.*+)$ drupal/$1 [L,QSA]
</IfModule>
Add this in your drupal dir .htaccess file just after RewriteEngine On:
RewriteEngine On
RewriteCond %{QUERY_STRING} straight=1
# "not found" 404 :
RewriteRule .* - [R=404,L]
Tell me if it works :)