preventing direct download of SQLite file using .htaccess - apache

I know the basics of .htaccess, but freely admit to being a non-expert when it comes to mod_rewrite.
The problem:
I have a sqlite db file in the document root (no, I can't move it out of here) called data.sqlite. This file is accessed internally by PHP files, however, I want to protect this file from being 'downloaded' by the user typing the db URL directly into their browser.
I have used .htaccess to create pretty URLs in the past, and thought using mod_rewrite would provide a nice solution to my problem. However, my rewrite rule does not seem to prevent access.
.htaccess
Options +FollowSymLinks
Options -multiviews
RewriteEngine On
RewriteBase /
RewriteCond %{http_host} ^www\.example\.com [NC]
RewriteRule ^(.*)$ http://example.com/$1 [R=301,NC]
##prevent access to any file data.sqlite by redirecing back to index.php
RewriteRule ^data.sqlite$ index.php [L,NC]
##my other rules follow - not shown here
Any ideas where I'm going wrong with the rewrite?? I'm sure it is something simple?
EDIT:
Ideally, I'd like to prevent direct URL access to all files ending in .sqlite, not just data.sqlite

Here's how you do it because I have also done it:
RewriteCond %{HTTP_REFERER} !^http://*.webwarecollection.com/.*$ [NC]
RewriteCond %{HTTP_REFERER} !^http://*.webwarecollection.com$ [NC]
RewriteRule .*\.(sqlite)$ - [F,NC]

About "start with ." that is not true!. File must start on ".ht" to be blocked by default on appache.

httpd disables access to files that start with a . by default. Rename your file to .data.sqlite and it will be dealt with.

Related

Shorten url with .htaccess

I do not know .htaccess so much. What i want to do is to shorten my url. I have searched on Google and found many solutions. Still none of them is working.For exmaple my url is "example.com/video?id=12345/filename". I want an url like "example.com/video/12345/filename". I have tried thisRewriteEngine on
RewriteRule ^video video?id=$1 [QSA]But it is not working. Please help.
Here is my .htaccess code
Options +FollowSymLinks -MultiViews -indexes
RewriteEngine On
RewriteBase /
# remove .php; use THE_REQUEST to prevent infinite loops
RewriteCond %{THE_REQUEST} ^GET\ (.*)\.php\ HTTP
RewriteRule (.*)\.php$ $1 [L,R=301]
RewriteRule ^video/([0-9]+)/.+$ video?id=$1 [L,QSA]
RewriteRule ^video/([0-9]+)/.+$ video?id=$1 [L,QSA]
ErrorDocument 404 /index.php
I guess this is what you are looking for:
RewriteEngine on
RewriteRule ^video/([0-9]+)/(.+)$ video?id=$1/$2 [L,QSA]
I would however suggest that you simply drop the filename, you don't need it to deliver the file. Since you have some numerical ID you certainly have some form of database that stores the physical location of the referenced file. In that case the above would have to be changed to:
RewriteEngine on
RewriteRule ^video/([0-9]+)/ video?id=$1 [L,QSA]
And another, general hint: if possible you should always prefer to place such rules into the real host configuration of your http server. You should only fall back to .htaccess style files if that really is not possible for you, for example because you do not have access to the http server configuration. Reason is that .htaccess style files are notoriously error prone, a security risk, hard to debug and really slow the server down.

apache RewriteRule not working

I have this url http://www.example.com/Courses/get/38789/my-course, i added this rule to the .htaccess file
RewriteEngine On
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R=301,L]
RewriteEngine On
RewriteCond %{REQUEST_URI} ^/Courses/get
RewriteRule ^Courses/get/(.*)/(.*)$ course-$1-$2 [R=301,L]
but when i go to http://www.example.com/Courses/get/38789/my-course nothing happens, i stay on the same page, there is no redirect.
p.s the link is just an example not the actual link
A more efficient method would be to use the following:
RewriteRule ^Courses/get/(\d+)/([^/]+)/?$ /course-$1-$2 [R=301,L]
Now, keep in mind that this rule should come before any rules that may rewrite the request to, say, an index.php file. This would be naturally true if the code you posted in your question was all of your code. If not, please post your entire .htaccess file so we can be sure it is being placed in the right location.
Be sure the mod_rewrite is turned on, and the you have set AllowOverride All in your virtual host/Apache site configuration. If you're running on a shared production server, this would not apply to you.
Side note: Whilst it does work, you need not use RewriteEngine on twice - only once at the beginning of your file will suffice. You also do not need RewriteCond %{REQUEST_URI} ^/Courses/get - it is essentially redundant as you are already using an expression to test against the request.

Apache Redirects - .htaccess - ReWriteCond

I'm trying to manipulate the .htaccess file on my blogs server to allow certain content to be redirected while allowing others to be accessed.
What I would like to do, is allow any file with the extension of (gif|jpg|css|js|ico|png) to be accessed along with a directory /includes/ and a file sitemap.html while all other traffic I would like to send to the sitemap.html file.
Is this possible?
Here's the code that I'm trying to use but it doesn't appear to be working as ecpected. The redirect matched the file extensions and allows the sitemap.html file to be accessed but the /includes/ directory that I want to be allowed access to froma user perspective regardless of what files are in the actual directory still appears to be redirecting to the sitemap.html file.
RewriteEngine On
RewriteCond %{REQUEST_URI} !(\.(gif|jpg|css|js|ico|png)$|^/includes$|^/sitemap\.html$)
RewriteRule ^(.*)$ /sitemap.html [R=301,L]
Any help would be greatly appreciated.
Try this:
RewriteCond %{REQUEST_URI} !\.(gif|jpg|css|js|ico|png)$ [NC]
RewriteCond %{REQUEST_URI} !^/(sitemap\.html|includes(/.*|))$ [NC]
RewriteRule ^ /sitemap.html [R=301,L]
Sure both RewriteCond lines can be combined into 1 but I would suggest keeping it 2 separate as this is easier to read and easy to maintain in case you want to add new extensions or new directories for exclusion in future.

How to get file directory trough .htaccess by using `RewriteRule ^(.*)$ ?id=$1 [L,QSA]`?

How to get file directory trough .htaccess by using RewriteRule ^(.*)$ ?id=$1 [L,QSA]?
If .htaccess is located in http://localhost/some/dir/.htaccess and I'm opening http://localhost/some/dir/here/I/use/RewriteRule/, how I detect value /some/dir/ without using RewriteBase and without manual adding %{DOCUMENT_ROOT}/some/dir/, like value localhost I get trough %{HTTP_HOST}?
If you do not use RewriteBase you need to tell mod-rewrite the real Directory Root /var/ww/mysite/some/dir in the rewrite rule. RewriteBase would take the location url and map it to the directory.
So you'll maybe end up with
RewriteRule /var/ww/mysite/some/dir/(.*)$ ?id=$1 [L,QSA]
And trying to map some internal variables it may be
RewriteRule %{DOCUMENT_ROOT}/some/dir/(.*)$ ?id=$1 [L,QSA]
But I'm unsure, I rarely use mod_rewrite in .htaccess -- I prefer Directory tags, and the file path management can be different in .htaccess (auto removal and adding of directory prefixes). If you do not find a solution try to ask Servfault, plenty of admins other there.
Actualy Apache still does not have pathinfo($,PATHINFO_DIRNAME), function like has PHP.
So on now there are solution on using %{REQUEST_URI}, like this example:
RewriteRule ^(.+)/$ /path-dirname/$1 [R=301,L]
may reset with:
RewriteCond %{REQUEST_URI} ^(.+)/$
RewriteRule ^.+/$ %1 [R=301,L]

Use symfony 1.4 without changing apache configuration

Is it possible to set the /web directory as webroot without changing apache configuration file?
I tried using the following .htaccess code, but if i go to localhost/module/, it displays 404 error. But if i go to localhost/web/module/ then everything works.
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteRule sf/(.*) lib/vendor/symfony/data/web/sf/$1 [L]
RewriteRule ^$ web/ [L]
RewriteRule (.*) web/$1 [L]
</IfModule>
i do like this on the root :
RewriteEngine On
RewriteBase /
RewriteRule (.*) ./web/$1 [L]
And edit web/.htaccess uncommented the 'RewriteBase /' line.
this make all the mysite.com/aaaa/bbbb works like mysite.com/web/aaaa/bbbb
Short answer: no.
Bit longer: you will have to edit the apache config at least to give it permission to access the web/ directory, so even if you symlink your web folder to /var/www, it will not work.
This is quiet similar to my question Symfony on virtual host (document root problem).
This is my .htaccess in the project root directory:
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_URI} ^/images/ [OR]
RewriteCond %{REQUEST_URI} ^/js/ [OR]
RewriteCond %{REQUEST_URI} ^/css/
RewriteRule ^(.*)$ /web/$1 [L]
RewriteCond %{REQUEST_URI} !^/web/
RewriteRule ^(.*)$ /web/index.php [QSA,L]
This solved my problem but symfony tries to generate every url (eg. using url_for) from the document root so instead of url like domain.com/my-article it generates domain.com/web/my-article.
I had to slightly modify my PatternRouting class to trim the /web prefix from each url. I think this is not the best solution but it works.
Also if I want to access backend application I have to call always /web/backend.php/ because I don't want to have so many rewrite rules in the .htaccess.
If you want to see my extended PatternRouting class source code I'll paste it here.
Yes, it is possible. Copy everything from web/ up a level to your document root. Edit index.php to reflect the fact that everything it includes is now one level closer to its current directory than it used to be (one less ../). You won't have to edit a single other Symfony file.