How can Apache be rewriting URLs without mod_rewrite enabled or configured?
I'm working on a site redesign from my development server. I was using a directory structure for site sections, but I am considering switching to URL rewriting and putting related files in the site's root.
For example, the about page has a subdirectory named about that contains an index.php which is served when the request is http://www.example.com/about. I plan to change this so that about.php from the site's root directory is served even if the request doesn't include the php extension.
On my development server, the problem is that the URLs are already being rewritten even though I don't have an .htaccess file anywhere along the path hierarchy.
The Apache configuration is the stock Ubuntu configuration and I suspect that it's something unique to Ubuntu, but I can't find the cause.
Here are some observations I've made:
/etc/apache2/httpd.conf is empty, but the configuration is in /etc/apache2/apache2.conf which in turn Includes config files from a few other directories.
There were no .htaccess files anywhere in the hierarchy of this site. I've checked every directory starting at /var/www
No .conf or .load files under /etc/apache2 have any reference to rewrite other than the rewrite.load file in /etc/apache2/mods-available.
I've set the LogWarning directive to debug. When I access a page without the .php extension, the error log shows the URL with the extension and the access log shows it without the extension and a HTTP 200 status. The page is served properly.
If I do add a .htaccess file with the appropriate configuration, I get an .htaccess: Invalid command 'RewriteEngine' error. ... mod_rewrite wasn't even loaded by default.
If I enable mod_rewrite by linking to the load file in /etc/apache2/mods-enabled it works as expected, which is to say exactly the same as if I didn't enable it.
access.log shows:
127.0.0.1 - - [16/Jan/2012:05:36:35 +0800] "GET /dev/ghodmode.com/h5bp/ HTTP/1.1" 200 3602 "http://alienware/dev/ghodmode.com/h5bp/experiments" "Mozilla/5.0 (Ubuntu; X11; Linux x86_64; rv:8.0) Gecko/20100101 Firefox/8.0"
while error.log shows:
[Mon Jan 16 05:23:23 2012] [debug] mod_deflate.c(615): [client 127.0.0.1] Zlib: Compressed 5347 to 1876 : URL /dev/ghodmode.com/h5bp/experiments.php, referer: http://alienware/dev/ghodmode.com/h5bp/
If I add an .htaccess file:
[Mon Jan 16 05:34:33 2012] [alert] [client 127.0.0.1] /var/www/dev/ghodmode.com/h5bp/.htaccess: Invalid command 'RewriteEngine', perhaps misspelled or defined by a module not included in the server configuration, referer: http://alienware/dev/ghodmode.com/h5bp/experiments
Update
Thanks to answers provided, I've been reading and I've learned a few things. The gist of it is that I'm using a stock Ubuntu installation of Apache2 and I haven't changed any configuration settings from the default. So, none of the suggested causes are set.
Of course there is the chance that I've misunderstood some of the documentation. This is the first time I've read about some of these options.
Multiviews
Multiviews provides the best explanation of this scenario, but that requires a type map or MultiViews option set for a path. I only have one type map (/etc/apache2/mods-enabled/mime.conf) for 'var' and the MultiViews option is only set for /usr/share/apache2/icons. So, this couldn't be it.
Redirect & RedirectMatch
Redirect & RedirectMatch would provide a good explanation for this behavior, but it requires a directive for each redirection. I don't have any of these set and any path that I type serves the related php file if it exists. Also, if this was the cause, I think that the access.log would generate a 3xx status instead of 200 if it was a redirect.
Alias & AliasMatch
Alias & AliasMatch, like Redirect & RedirectMatch, requires a directive to be set for each resource. I only have an alias set for /icons/.
FallbackResource
FallbackResource identifies a single resource to serve when the requested resource isn't present. In my case, when the requested resource isn't present it serves the resource found by appending '.php' to the end of the request. I also double-checked and there are no FallbackResource directives set.
Here's an example of the command I use to confirm that there a particular option isn't set anywhere:
find /etc/apache2 -name "*.conf" -exec grep -li "FallbackResource" {} \;
Update #2:
There was a hole in my search for the MultiViews option. I was only looking for files with a .conf or .load extension, but some of the configuration files don't have an extension at all. The MultiViews option is set by the default site configuration file /etc/apache2/sites-enabled/000-default.
Thanks to #zneak for providing the answer first, although he did it in a comment. And thanks to #regilero who indirectly showed me what I was missing by using a different syntax for grep from the syntax I'm used to.
What you call a rewrite can be done by a lot of others instructions:
Redirect & RedirectMatch : for external redirection (with 301,302 or even 403 or 404 codes
Alias & AliasMatch : for internal redirection (internal directory re-mapping for example)
FallBackresource : to redirect every missing file to an index.php boostrap
Option Multiviews : from mod-autoindex which is enabled by default on a lot of installations
Theses configuration things are usually not in .htaccess files by default, as .htaccess files is just a bad thing slowing down apache and allowing user to add some other rules than the one defined in VirtualHosts. Most usefull configuration stuff is in /etc/apache2/sites-enabled, /etc/apaches2/mod-enableds/ and /etc/apache2/conf.d/.
Now the strangest one is Option Multiviews make a grep -R MultiViews /etc/apache2/*. This option will map any call to http://www.example.com/foo/bar to foo/bar.php or foo/bar.html if theses directories exists in the DocumentRoot and if theses files exists (trying on all available extensions).
Related
Have upgraded PHP 7.4 to to PHP 8.2.1 on mac osx, and for some reason, can not locate what is causing an issue with the .htaccess file having this code in it:
Options -Indexes -Multiviews
If I remove this code the site loads, but than shows all folders and files which is not desirable. Need site to load the index.php file that is being shown here, trying to hide this, but once this is in the .htaccess file, I'm getting the following error message:
Forbidden
You don't have permission to access this resource.
Is there something in PHP that needs to be set? I did change the php_module to point to PHP 8 in the httpd.conf file, so I don't understand what else might need to change to get my localhost loaded properly instead of showing files and folders?
BTW, this was working fine on PHP 7.4, but after updating, no longer works. Maybe I have to install other modules for 8.2.1 to work correctly?
If I switch back to using PHP 7.4 everything is loading fine on the site after restarting apache.
Need site to load the index.php file
You need to set the DirectoryIndex (mod_dir) - this defaults to index.html only (an Apache issue, not PHP). It is the DirectoryIndex that determines which file(s) Apache will try to serve when requesting a directory.
For example:
Options -Indexes -Multiviews
DirectoryIndex index.php
If a DirectoryIndex document (there can be more than 1) is not found... and mod_autoindex is disabled (ie. -Indexes) then you get a 403 Forbidden response. If mod_autoindex is enabled then you naturally see a directory listing. (If mod_autoindex is not installed at all then you get a 404 Not Found.)
mod_autoindex (ie. Indexes) is not enabled by default on Apache 2.4 (it is on Apache 2.2), however, it has likely been explicitly enabled elsewhere in the server config.
I'm using Joomla 2.5 and Apache and I have followed this steps:
1- mod_rewrite module is eneabled? YES
2- htaccess.txt renamed to .htaccess
3- set "Use URL Rewriting" to YES.
And this is what I get:
Not Found
The requested URL /about-us was not found on this server.
The web is located in /var/www/
The .htaccess is located in /var/www/
And this is my .htaccess: http://pastebin.com/dq1TYs1t
Thanks for the help.
Since you said allowoverride was set to none, your .htaccess file will be ignored. You need to set allowoverride to all the other option is leave allowoverride at none, and take the contents of the .htaccess file and incorporate it into your apache configuration file. This has the benefit of being slightly faster as apache doesn't need to look in directory tree for .htaccess files (they are really good to allow users that don't have access to the configs the ability to override the base settings, but if you have access to /var/www you should also have access to make changes to the config files.
There is no need to enable any mod_rewrite module.
Need to enable URL rewriting option in global configuration. Also need to rename htaccess.txt file to .htaccess.
please check there is no any third party component of security like admin tools are enable or installed which is blocking this mod rewrite option.
This is so frustrating. My root directory is at home/websitename/websitename/ and my httpd.conf has nothing in it!
My .htaccess is in the same directory as the index.php is supposed to be and all I'm typing into .htaccess (and FTP identifies this as an HTACCESS file) is:
DirectoryIndex Home.php
The error message I get when trying to visit the site is a 403 forbidden to list the directories of "/"
the AllowOverride directive is set to All
Ok actually I made a dumb mistake.
Basically all the things one needs to check in order for the .htaccess to work are these:
Create a .htaccess file in the main directory. Make sure the .htaccess file is made in a file editor for ACSII. (notepad++, dev editor, NO Microsoft Word)
Make sure AllowOverride is set to All in the Apache configuration for your website. It should be under <directory>
Make sure to restart apache after making any changes to the Apache file!! Note that even though .htaccess does not require you to restart Apache, changing anything in the website configuration file requires you to restart Apache in order for it to function.
Lastly, your website should output a 500 Internal Apache Error if it is able to actually read the .htaccess file, NOT a 403: Access Forbidden or directory listing.
I am a beginner to Zend framework and I want to know more about the .htaccess file and its uses. Can somebody help me?
I found an example like this:
.htacess file
AuthName "Member's Area Name"
AuthUserFile /path/to/password/file/.htpasswd
AuthType Basic
require valid-user
ErrorDocument 401 /error_pages/401.html
AddHandler server-parsed .html
It's not part of PHP; it's part of Apache.
http://httpd.apache.org/docs/2.2/howto/htaccess.html
.htaccess files provide a way to make configuration changes on a per-directory basis.
Essentially, it allows you to take directives that would normally be put in Apache's main configuration files, and put them in a directory-specific configuration file instead. They're mostly used in cases where you don't have access to the main configuration files (e.g. a shared host).
.htaccess is a configuration file for use on web servers running the
Apache Web Server software.
When a .htaccess file is placed in a directory which is in turn 'loaded via the Apache Web Server', then the .htaccess file is detected and executed by the Apache Web Server software.
These .htaccess files can be used to alter the configuration of the Apache Web Server software to enable/disable additional functionality and features that the Apache Web Server software has to offer.
These facilities include basic redirect functionality, for instance if a 404 file not found error occurs, or for more advanced functions such as content password protection or image hot link prevention.
Whenever any request is sent to the server it always passes through .htaccess file. There are some rules are defined to instruct the working.
Below are some usage of htaccess files in server:
1) AUTHORIZATION, AUTHENTICATION: .htaccess files are often used to specify the security restrictions for the particular directory, hence the filename "access". The .htaccess file is often accompanied by an .htpasswd file which stores valid usernames and their passwords.
2) CUSTOMIZED ERROR RESPONSES: Changing the page that is shown when a server-side error occurs, for example HTTP 404 Not Found.
Example : ErrorDocument 404 /notfound.html
3) REWRITING URLS: Servers often use .htaccess to rewrite "ugly" URLs to shorter and prettier ones.
4) CACHE CONTROL: .htaccess files allow a server to control User agent caching used by web browsers to reduce bandwidth usage, server load, and perceived lag.
More info : http://en.wikipedia.org/wiki/Htaccess
You are allow to use php_value to change php setting in .htaccess file. Same like how php.ini did.
Example:
php_value date.timezone Asia/Kuala_Lumpur
For other php setting, please read http://www.php.net/manual/en/ini.list.php
Htaccess is a configuration file of apache which is used to make changes in the configuration on a directory basis.
Htaccess file is used to do changes in functions and features of the apache server.
Htaccess is used to rewrite the URL.
It is used to make site address protected.
Also to restrict IP addresses so on particular IP address site will not be opened
You can think it like php.ini files sub files.. php.ini file stores most of the configuration about php like curl enable disable. Where .htaccess makes this setting only for perticular directory and php.ini file store settings for its server' all directory...
It is not so easy to give out specific addresses to people say for a conference or a specific project or product.
It could be more secure to prevent hacking such as SQL injection attacks etc.
.htaccess file create in directory /var/www/html/.htaccess
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [QSA,L]
</IfModule>
What
A settings file for the server
Cannot be accessed by end-user
There is no need to reboot the server, changes work immediately
It might serve as a bridge between your code and server
We can do
URL rewriting
Custom error pages
Caching
Redirections
Blocking ip's
Is it possible to have just a single php.ini file, for example in the webroot (or even outside of it to prevent people accessing it via GET), and tell PHP quickly and easily where it is?
I know you can set php.ini directives in .htaccess, but is it possible to define a specific php.ini file to be used?
Add this to your server configuration...
<VirtualHost 1.2.3.4:80>
PHPINIDir /path/to/new/php_ini
</VirtualHost>
Make sure to just include the path to the directory, not the entire path to the file.
Then restart Apache.
Check it worked with phpinfo().
Have a look at .user.ini section at the php docs.
Since PHP 5.3.0, PHP includes support for .htaccess-style INI files on
a per-directory basis.
But beside the .unser.ini solution you can place an additional ini file in the "additional .ini files parsed" directory. There you can use one single ini file to overwrite all other settings. Name it with zzz at the beginning and it will be parsed at last. This is also easy for your hoster to deploy without destroying his settings.
Kolink, I suspect that you are on a shared hosting service, in which case your host may be using something called suPHP. In this case -- as you describe -- the PHPINIDir directive doesn't work, in which case there is a suPHP_ConfigPath directive.
In terms of access, I have a standard mod_rewrite in my DOCROOT/.htaccess:
RewriteEngine On
RewriteBase /
# if a forbidden directory or file name (starting with a . or /) then raise 404 Fatal
RewriteRule (^|/)[_.] - [F]
What this does is forbid any request for any filename or directory prefixed by . or _. I have a DOCROOT/_private where I keep this stuff for me:
suPHP_ConfigPath DOCROOT/_private
where you will need to replace DOCROOT by your local setting on your service. Look for DOCUMENT_ROOT in a phpinfo() listing.