I have a folder in my root that i want no one to know of. Even if someone types in it correct i want to throw a 404 not found.
Would this be Possible to do with mod-rewrite perhaps?
I cant store it outside root right now, dont ask why
Thanks!
Is throwing a 403 out of the question? If you have shell access, you can chmod the directory so the web user cannot read or stat it.
Create a custom 404 page and then set mod_rewrite up to rewrite requests to the offending directory to the custom 404 file. Custom 404 pages are generally good practice anyway so you get two for the price of one by doing this.
I'd first suggest moving the file out of the web root, unless you have a really good reason not to (and I won't easily be convinced that you do).
If you're intent on not doing that, use Tristan's suggestion of a 403 error. Something like
<Files /path/to/docroot/nameoffile>
Order allow,deny
Deny from all
</Files>
If you're really intent on not doing that, you should be able to use an alias to redirect the URL to a nonexistent location:
Alias /nameoffile /path/that/doesnt/exist
The same could be done with mod_rewrite,
RewriteRule /nameoffile /path/that/doesnt/exist [L]
The rewrite is more computationally expensive, but it might be your only option if you don't have access to the main server configuration.
I did not try this, but I guess you could redirect to something that does not exist.
Related
I was just asked to work on a terrible site that the client is running off IIS. I can't make changes to the live server so I attempted to install the site on my testing server running Apache.
The site's homepage is up and running but I cannot navigate to any subdirectories. The nav menu has links like /about-us/ -- however, there is no index.php file in the about-us directory. Instead there is a file named about-us.php.
If I was getting paid to fix the site up I would do the work to rename the files and/or links, but for now I just want to get this thing running so I can make my CSS and content edits and be done with it. I assume there is some easier way (using htaccess?) to dynamically tell Apache that, when directed to a subdirectory, look for /foo/foo.php instead of /foo/index.php -- right now all I get is a directory listing or permission denied if I turn indexing off.
I've been Googling around but can't find anything that looks like the same problem -- can one of you rewrite gurus please point me in the right direction?
The best approach for you is to set the appropiate DirectoryIndex for each directory as in:
<Directory /path/to/about-us>
DirectoryIndex about-us.php
</Directory>
You can also define a single "controller" in case there is no index page found, this is done like:
FallBackResource /index.php
I had a hard time deciding how I should manage these errors (404, 500, ...) and when I finally decided, I am encountering problems. This is a reeeeeally long question, I appreciate anyone's attempt to help!
Let me first describe how I decided to set it up. I have several sites hosted on a shared Dreamhost account. In the folder structure that I see, everything of mine on the server is under /home/username, and for example, site1.com's web root is at /home/username/site1.com
I am creating a generic error handler (php script) for errors like 404 not found, 500, etc. that I want to store above the web roots of my sites at /home/username/error_handler/index.php so that I can use an .htaccess file at /home/username/.htaccess which includes something like the following:
ErrorDocument 404 /error_handler/index.php
ErrorDocument 500 /error_handler/index.php
...and many more
When these errors occur on any of my sites, I want it to be directed to /home/username/error_handler/index.phpThis is the problem I'm having a hard time figuring out. The ErrorDocument directives above will actually cause Apache to look for /home/username/site1.com/error_handler/index.php
Anyway, the errors should be redirected to my error handling php script. The script will use $_SERVER['REDIRECT_STATUS'] to get the error code, then use $_SERVER['REDIRECT_URL'] and $_SERVER['HTTP_HOST'] to decide what to do. It will check if an error handler specific to that site exists (for example: site1.com/errors/404.php). If this custom page doesn't exist, it will output a generic message that is slightly more user-friendly and styled, and perhaps will include some contact info for me depending on the error.
Doing it this way lets me funnel all these errors through this 1 php script. I can log the errors however I like or send email notifications if I want. It also lets me set up the ErrorDocument Apache directives once for all my sites instead of having to do it for every site. It will also continue to work without modification when I move the site around, since I already have a system that scans the folder structure to figure out where my site roots are when they really aren't at the web root technically speaking. This may not be possible with other solutions like using mod_rewrite for all 404 problems, which I know is common. Or if it is possible, it may be very difficult to do. Plus, I have already done that work, so it will be easy for me to adapt.
When I am working on sites for which I don't have a domain name yet (or sites where the domain name is already in use at the moment), I store them temporarily in site1.com/dev/site3.com for example. Moving the site to site3.com eventually would cause me to have to update the htaccess files if I had one for each site. Changing the domain name would do the same.
Ex: a site stored at site1.com/dev/site3.com would have this in its htaccess file:
ErrorDocument 404 /site1.com/dev/site3.com/error/404.php
And it would have to be changed to this:
ErrorDocument 404 /site3.com/error/404.php
Obviously, this isn't a huge amount of work, but I already manage a lot of sites and I will probably be making more every year, 95% of which will be hosted on my shared DreamHost account. And most of them get moved at least once. So setting up something automatic will save me a some effort in the long run.
I already have a system set up for managing site-relative links on all my sites. These links will work whether the site exists in a subdirectory of an existing site, or in their own domain. They also work without change in a local development server despite a difference in the web root location. For example, on the live server, the site-relative http link /img/1.jpg would resolve to the file /home/username/site1.com/img/1.jpg while on my local development server it would resolve to C:\xampp\htdocs\img\1.jpg, despite what I consider the logical site root being at C:\xampp\htdocs\site1.com. I love this system, and it is what gave me the idea to set up something that would work automatically like I expected it to, based on the file structure I used.
So, if I could get it to work, I think this seems like a pretty good system. But I am still very new to apache configuration, mod_rewrite, etc. It's possible there is a much easier and better way to do this. If you know of one, please let me know.
Anyway, all that aside, I can't get it working. The easiest thing would be if I could have the ErrorDocument directive send the requests to folders above the web root. But the path is a URL path relative to the document root. Using the following in /home/username/.htaccess,
ErrorDocument 404 /error_handler/index.php
a request for a non-existent resource causes Apache to look for the file at
site1.com/error_handler/index.php
So I thought I should set up a redirection (on all my sites) that would redirect those URLS to /home/username/error_handler. I tried a few things and couldn't get any of them to work.
Alias seemed like the simplest solution, but it is something that has to be set at server runtime (not sure if that is the right terminology - when the server is started). On my local server, it worked fine using:
Alias /error_handler C:\xampp\htdocs\error_handler2
I changed the local folder to test that the Alias was functioning properly. (On the local server, the URL path specified by the ErrorDocument directive is actually pointing to the right folder, since in my local server the web root is technically C:\xampp\htdocs and I store the error handler I want to use is stored locally at C:\xampp\htdocs\error_handler\index.php)
Dreamhost has a web client that can create what I am guessing is an Alias. When I tried to redirect the folder error_handler on site1.com to /home/username/error_handler, it would seem to work right if I typed site1.com/error_handler in the browser. But if I typed site1.com/test1234 (non-existant), it would say there was a 404 error trying to use the error handler. Also, I would have to login through the web client and point and click (and wait several minutes for the server to restart) every time I wanted to set this up for a new site, even if I could get it to work.
So I tried getting it to work with mod_rewrite, which seems like the most flexible solution. My first attempt looked something like this (stored in /home/username/site1.com/.htaccess for now, though it would eventually be at /home/username/.htaccess:
RewriteEngine On
RewriteRule ^error_handler/index.php$ /home/username/error_handler/index.php
The plain english version of what I was trying to do above is to send requests on any of my sites for error_handler/index.php to /home/username/error_handler/index.php. The mis-understanding I had is that the subsitution will be treated as a file path if it exists. But I missed that the documentation says "(or, in the case of using rewrites in a .htaccess file, relative to your document root)". So instead of rewriting to /home/username/error_handler/index.php, it's actually trying to rewrite to /home/username/site1.com/home/username/error_handler/index.php.
I tried including Options +FollowSymLinks because in the Apache documentation it says this:
To enable the rewrite engine in this context [per-directory re-writes in htaccess], you need to set "RewriteEngine On" and "Options FollowSymLinks" must be enabled. If your administrator has disabled override of FollowSymLinks for a user's directory, then you cannot use the rewrite engine. This restriction is required for security reasons.
I searched around for a while and I couldn't find anything about how Dreamhost handles this (probably because I don't know where to look).
I experimented with RewriteBase because in the Apache documentation it says this:
"This directive is required when you use a relative path in a substitution in per-directory (htaccess) context unless either of the following conditions are true:
The original request, and the substitution, are underneath the DocumentRoot (as opposed to reachable by other means, such as Alias)."
Since this is supposed to be a URL path, in my case it should be RewriteBase /, since all my redirects will be from site1.com/error_handler. I also tried Rewrite Base /home/username and RewriteRule ^error_handler/index.php$ error_handler/index.php. However, the Rewrite Base is a URL path relative to the document root. So I need to use something like an alias still. The implication in the quote from the documentation above is that it is possible to use mod_rewrite to send content above the web root. One of the many things I don't know is what the 'other means' besides Alias might be. I believe Alias might not be an option on Dreamhost. At least I couldn't make sense of it.
Why not use error pages in the site root, then include the actual file from the shared section?
I'd like to add groups to my site, and for that I would like to get rid of a directory, thus the homepage of each group would be like: http://example.org/my-awesome-group instead of http://example.org/group/my-not-so-awesome-group
using the rule RewriteRule ^group/([a-z0-9-]+)/ is quite easy to rewrite each requests accordingly, but without it I'm having some headaches, I'm not sure how to tackle this. do you have any experience about it?
for example there's no group /javascript /css those have to be treated as actual directories on the file system.
thanks!
You can make rewriting rules conditional on whether or not the request refers to a file/directory that actually exists on the filesystem. In addition to the mod_rewrite documentation, take a look at this question here on SO that has an example configuration.
I've done everything right. My server has mod_rewrite enabled, my virtualhost path has AllowOverride set to All, and I have the .htaccess file in place with the rewrite rules same as everyone. But I have trouble accessing some pages using their clean url paths. So for 90% of the pages, clean urls work fine. But for that 10%, they don't.
I have checked whether those pages exist -- they do. Checked whether they are accessible using index.php?q=[path] -- and they are. They are only inaccessible through clean url paths.
Can anyone help me with this mystery?
Because you can access your pages through q=path/to/menu/item, then it's clear that it is mod_rewrite that is at fault and not Drupal.
To debug what is going on with your rewrite, either turn on the rewrite log and tail -f it while you request the troubled pages, or alternatively print_r($_GET) at the top of index.php or page.tpl.php to see what is actually being requested.
If you are comfortable posting your potentially sensitive .htaccess here, do so and we can have a look at it for you to see if there are any misconfigurations.
mod_rewrite has a few long-standing bugs that mangle URLs on the way through (do your problem urls have any escape characters?). I don't know if Drupal does this, but in other PHP apps I have had to add code to re-do the rewrite once the correct entrypoint has been reached.
Unfortunately, Drupal can't take its search path in PATH_INFO (as a lot of other apps do), otherwise you could use mod_alias which is much simpler and much more reliable.
I have a url that is easily accessible when you request it as:
http://example.com/2005/01/example.html
or
http://example.com/2005/01/example
(I actually don't know why it works without the extension. Instead, it should return the usual 404 error.)
However, when I try to access the following url:
http://example.com/2005/01/example/
(note the trailing slash)
I get a 404 Not found error but with the requested url printed as:
http://example.com/2005/01/example.html/
So, it seems the ".html" part was automatically added by apache.
My question is: how do I disable this behavior? I need to do it because I want add mod_rewrite rules to hide the html extension, so that I can access that url as:
http://example.com/2005/01/example/
My apache is 2.2.9 on Ubuntu 8.10.
Thanks!
MultiViews could cause this behavior. Try to disable it:
Options -MultiViews
Is example.html an actual file that lies in the directory path 2005/01? It seems like mod_rewrite is already active. If you use a blog or content management system on your server, then it probably does stuff to your url's already.