.htaccess Rewrite for PDFs from root to subdirectory - apache

I'm trying to automatically redirect all .PDF and .pdf files from the website root to a subdirectory called docs.
Note that there aren't any actual PDFs on the website root, which is why I'm trying to use the !-f bit.
This is what I came up with so far, but it isn't working. I would appreciate any help.
# redirect PDF files requested on the root '/' to /docs/<filename>.(pdf|PDF)
Options +SymLinksIfOwnerMatch
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^/(.(pdf|PDF))$ /docs/$1

Try changing your rule to:
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{DOCUMENT_ROOT}/docs%{REQUEST_URI} -f
RewriteRule ^/?(.*\.pdf)$ /docs/$1 [L,NC]
The second condition may not be needed, it's there in case a request is made that ends with ".pdf" but the pdf isn't actually there, thus the first condition is true and there's a rewrite loop (resulting in a 500 server error).

Related

RewriteCond giving false positive if part of URL points to existing file

I set up a .htaccess file to route requests for my site:
Options -Multiviews
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . index.php [L]
Requests for existing files (like images) are handled normally, others are forwarded to the router. This works fine.
I am trying to get the following type of URLs to work for viewing thumbnails:
http://www.example.com/images/image.png/thumbnail-big/
The idea being that http://www.example.com/images/image.png is a valid URL, and points to a file, but the thumbnail variant isn't a valid URL (because of the /thumbnail-big/ part), and is handled by the router (which generates a thumbnail, if needed).
But this doesn't work. The thumbnail URL is handled as if pointing to an existing file, and the RewriteRule for the router is skipped, but it isn't an actual file, so the server displays a generic 404 error. In other words, the "is this path an existing file" condition apparently evaluates to true for the thumbnail URL, even though it is not an existing file. It's almost as if only the part up till image.png is evaluated.
Is there a way to check whether the file exists in such a way that I don't get this false positive?
Change your conditions and rule to this:
Options -Multiviews
RewriteEngine On
RewriteCond %{DOCUMENT_ROOT}/$0 !-f
RewriteCond %{DOCUMENT_ROOT}/$0 !-d
RewriteRule .* index.php [L]
Use of %{REQUEST_FILENAME} can be misguiding sometimes as the way file name is generated internally by Apache. In your case it is checking for file with the address as: http://www.example.com/images/image.png

Forwarding all htm file extensions to a a specific file

I have been given a task to change 100's of .htm files on a site to only show the contact page. As appose to changing the files I am thinking to just use a .htaccess file and force all requests which includes a ".htm" or ".html" to the contact.htm page.
I have very limited knowledge about .ht_access files and the one I have which forces all requests through a index.php isn't working because one of the rewrite conditions is to check whether the file is real or not.
Any advice or tips will greatly be appreciated:
// My .htaccess rules at the moment:
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ contact.htm [NC,L]
You can try something like this:
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^[^\.]*\.htm$ contact.htm [NC,L]
This will replace everything that ends with .htm to contact.htm
EDIT: Made a mistake, checked it and fixed it
If you want to maintain your SEO and prevent link rot (which is bad), you'll want to let the client know that the old HTML file is no longer valid:
RedirectMatch 301 ^.*html?$ http://example.com/contact.html
Edit: as an interesting side note, returning a 410 might be a more appropriate response.

.htaccess display /base1/folder/ using the content of /base2/folder.html

When I open the url http://mysite.com/base1/folder/, I want it to display the contents of http://mysite.com/base2/folder.html. There is an index.html file in the folder folder.
To be clearer, the html file folder.html resides in the folder base2.
My .htaccess file does not work as expected
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^/base1/([^/]+)/(.+)$ /base2/$1.html [L]
Could anyone please tell me is wrong with my .htaccess file?
Thanks!
Your regular expression looks wrong:
^/base1/([^/]+)/(.+)$
^^^ requires one or more characters
This should work (to accept anything following /folder/)
^/base1/([^/]+)/
Or this (to accept only /folder/)
^/base1/([^/]+)/$
Furthermore I would remove the two RewriteCond as your rule. (Though they shouldn't do any harm if /base1/ doesn't exist)

why doesn't this .htacess file prevent users from accessing content I want secured?

I am trying to accomplish several things with this .htacess file, but cannot seem to
get it to serve the rewrites I need, while preventing unathorized access to files I want
hidden. My goal is to allow any file located in /sections/section_name/webroot/ to be accessed through /section_name/. So, /admin/images/kittens/cat.jpg would serve up /sections/admin/webroot/images/kittens/cat.jpg if it existed. I want to be able to have multiple sections. If a section is not specified, but the file exists in /sections/default/webroot, then I'd like for that to be served. Any other request should
go to /dispatcher.php. I thought I had this working, until I requested a configuration
file in /config and was able to see it. Then I realized I could basically view any file
if I knew that path.
How can I fix this security issue while still keeping the rewrites working?
Here is my .htacess file:
Options +FollowSymlinks -MultiViews -Indexes
RewriteEngine On
# If a file is requested in the admin webroot, and it exists, allow it to pass through
RewriteCond %{SCRIPT_FILENAME} !-f
RewriteRule ^admin(/.*)$ sections/admin/webroot/$1 [L,QSA]
# if the requested url begins with /customers and it is located in /sections/customers/webroot
RewriteCond %{SCRIPT_FILENAME} !-f
RewriteRule ^customers(/.*)$ sections/customers/webroot/$1 [L,QSA]
# if the requested url begins with /resellers and it is located in /sections/resellers/webroot
RewriteCond %{SCRIPT_FILENAME} !-f
RewriteRule ^resellers(/.*)$ sections/resellers/webroot/$1 [L,QSA]
# if the requested file does not begin with /admin, /customers, or /resellers, and is in /sections/default/webroot, then serve it
RewriteCond %{DOCUMENT_ROOT}/sections/default/webroot/$1 -f
RewriteRule ^(.*)$ sections/default/webroot/$1 [QSA,L,NC]
# Send everything else to the dispatcher
RewriteCond %{SCRIPT_FILENAME} !-f
RewriteRule ^(.*)$ dispatcher.php [QSA,L]
I know this isn't quite a solution, but have you tried cutting it all the way down and then adding the rules back one by one, testing each one along the way? For starters, if you can get files in /config that you're not supposed to, I'd try cutting everything except the final rule (which is supposed to send requests in /config to dispatcher) and see if that works. If it does, keep adding things back slowly until you see which specific rule is allowing /config files to be seen. Then you know what to fix.
Adding this to the end worked. Anything that wasn't a valid file requested in one of the
webroot folders, and that wasn't a call to dispatcher.php, was redirected to dispatcher.
RewriteCond %{REQUEST_URI} !=/dispatcher.php
RewriteCond %{REQUEST_URI} !^/sections/[a-zA-Z0-9_-]+/webroot/
RewriteCond %{SCRIPT_FILENAME} -f
RewriteRule ^(.*)$ dispatcher.php [QSA,L]

How do I ignore a directory in mod_rewrite?

I'm trying to have the modrewrite rules skip the directory vip. I've tried a number of things as you can see below, but to no avail.
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
#RewriteRule ^vip$ - [PT]
RewriteRule ^vip/.$ - [PT]
#RewriteCond %{REQUEST_URI} !/vip
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
How do I get modrewrite to entirely ignore the /vip/ directory so that all requests pass directly to the folder?
Update:
As points of clarity:
It's hosted on Dreamhost
The folders are within a wordpress directory
the /vip/ folder contains a webdav .htaccess etc (though I dont think this is important
Try putting this before any other rules.
RewriteRule ^vip - [L,NC]
It will match any URI beginning vip.
The - means do nothing.
The L means this should be last rule; ignore everything following.
The NC means no-case (so "VIP" is also matched).
Note that it matches anything beginning vip. The expression ^vip$ would match vip but not vip/ or vip/index.html. The $ may have been your downfall. If you really want to do it right, you might want to go with ^vip(/|$) so you don't match vip-page.html
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
This says if it's an existing file or a directory don't touch it. You should be able to access site.com/vip and no rewrite rule should take place.
The code you are adding, and all answers that are providing Rewrite rules/conditions are useless! The default WordPress code already does everything that you should need it to:
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
Those lines say "if it's NOT an existing file (-f) or directory (-d), pass it along to WordPress. Adding additional rules, not matter how specific or good they are, is redundant--you should already be covered by the WordPress rules!
So why aren't they working???
The .htaccess in the vip directory is throwing an error. The exact same thing happens if you password protect a directory.
Here is the solution:
ErrorDocument 401 /err.txt
ErrorDocument 403 /err.txt
Insert those lines before the WordPress code, and then create /err.txt. This way, when it comes upon your WebDAV (or password protected directory) and fails, it will go to that file, and get caught by the existing default WordPress condition (RewriteCond %{REQUEST_FILENAME} !-f).
In summary, the final solution is:
ErrorDocument 401 /misc/myerror.html
ErrorDocument 403 /misc/myerror.html
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
I posted more about the cause of this problem in my specific situation, involving Wordpress and WebDAV on Dreamhost, which I expect many others to be having on my site.
You mentioned you already have a .htaccess file in the directory you want to ignore - you can use
RewriteEngine off
In that .htaccess to stop use of mod_rewrite (not sure if you're using mod_rewrite in that folder, if you are then that won't help since you can't turn it off).
Try replacing this part of your code:
RewriteRule ^vip/.$ - [PT]
...with the following:
RewriteCond %{REQUEST_URI} !(vip) [NC]
That should fix things up.
RewriteCond %{REQUEST_URI} !^pilot/
is the way to do that.
In my case, the answer by brentonstrine (and I see matdumsa also had the same idea) was the right one... I wanted to up-vote their answers, but being new here, I have no "reputation", so I have to write a full answer, in order to emphasize what I think is the real key here.
Several of these answers would successfully stop the WordPress index.php from being used ... but in many cases, the reason for doing this is that there is a real directory with real pages in it that you want to display directly, and the
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
lines already take care of that, so most of those solutions are a distraction in a case like mine.
The key was brentonstrine's insight that the error was a secondary effect, caused by the password-protection inside the directory I was trying to display directly. By putting in the
ErrorDocument 401 /err.txt
ErrorDocument 403 /err.txt
lines and creating error pages (I actually created err401.html and err403.html and made more informative error messages) I stopped the 404 response being generated when it couldn't find any page to display for 401 Authentication Required, and then the folder worked as expected... showing an apache login dialog, then the contents of the folder, or on failure, my error 401 page.
I’ve had the same issue using wordpress and found that the issue is linked with not having proper handler for 401 and 403 errors..
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
These conditions are already supposed not to rewrite the url of existing folders but they don’t do their job for password protected folders. In my case, adding the following two lines to my root .htaccess fixed the problem:
ErrorDocument 401 /misc/myerror.html
ErrorDocument 403 /misc/myerror.html
Of course you need to create the /misc/myerror.html,
This works ...
RewriteRule ^vip - [L,NC]
But ensure it is the first rule after
RewriteEngine on
i.e.
ErrorDocument 404 /page-not-found.html
RewriteEngine on
RewriteRule ^vip - [L,NC]
AddType application/x-httpd-php .html .htm
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
etc
I'm not sure if I understand your objective, but the following might do what you're after?
RewriteRule ^/vip/(.*)$ /$1?%{QUERY_STRING} [L]
This will cause a URL such as http://www.example.com/vip/fred.html to be rewritten without the /vip.