I have a script myscript.inc.php which handles all urls that look like /script-blah
I accomplish this by using following .htaccess
RewriteEngine On
RewriteRule ^script-(.*)$ myscript.inc.php?s=$1 [QSA,L]
However users could also access it this way by typing /myscript.inc.php?s=blah
I would like to prevent that. I tried
<Files ~ "\.inc\.php$">
Order deny,allow
Deny from all
</Files>
and
RewriteCond %{REQUEST_URI} \.inc\.php
RewriteRule .* - [F,L,NS]
They both prevent users from viewing /myscript.inc.php?s=blah but they also cause /script-blah to return 403...
Is there a way to do this correctly?
I use the following method to protect my .inc.php files. Add the following to your .htaccess:
#Prevent Users From Accessing .inc.php files in .htaccess
<Files ~ ".inc.php$">
Order allow,deny
Deny from all
</Files>
You could also try the following (a number of open source packages do this)
place a blank index.html in every folder
use this rule in .htaccess to block folder reading Options -Indexes
place a line that dies scripts where a global constant isn't found
For example, here is Kohana's "toss out invalid accesses". It is the first line in all PHP files.
<?php defined('SYSPATH') or die('No direct script access.'); ?>
This line basically says "if not included via index.php where SYSPATH is defined, we will abort script and show a friendly message"
You could redirect if it is a filename
RewriteCond %{REQUEST_FILENAME} =-f
Related
In my server I have folder called customers, in which it contains sub-folders [uid] (/customers/[uid]) where uid is the unique identifier assigned to each customer. There are other folders in each /customers/[uid].
Among them there is a folder titled images which, as the name suggests, contains images.
I would like to configure the .htaccess so that the user can only access directly files in the /customers/[uid]/images but the user is not allowed to access any other folder or any directory listing.
Because I am not very familiar with .htaccess syntax, I tried to search some answers online but I am still very confused. Especially giving that I have already a RewriteRule in my .htaccess. I am not sure where and how to add more to accomplish what I want.
This is what my .htaccess look like for now.
DirectoryIndex test.php
<Files "database.ini">
Order Allow,Deny
Deny from all
</Files>
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME}.php -f
RewriteRule ^(.*)$ $1.php [L]
</IfModule>
I am using a VPS hosting, and the directory index is , by default, enabled. So now if I try to access /customers/user it will give me a list of folders where I can continue to access other folders and files
I have tried putting Options -Indexes inside the <IfModule>. After that, I indeed cannot access other directories, but I can't access any files in any directory anymore.
What you an do is make a .htaccess file per every user directory and inside it allow access to ./images
So you will have
/customers/[uid1]/.htaccess
/customers/[uid2]/.htaccess
... etc
and inside every .htaccess you will have:
Allow from all
I'm trying to rewrite my URL's to be more clean and user friendly and also better for SEO, so whenever the user clicks each country link to see the list of train journeys for each country, i.e: Italy, it should call the page country.php?country=italy , but the URL should be rewritten to great_train_journeys/country/italy.
I've tried to set rewrite rules on a .htaccess file but i'm getting the 404 error.
Here is my code for the .htaccess file:
RewriteEngine on
RewriteCond %{QUERY_STRING} ^country=(.*)$
RewriteRule ^country/([A-Za-z0-9-]+)/?$ country.php?country=$1 [NC,R]
I'm using XAMPP to work on my local server, so my project folder is inside the HTDOCS folder, which is the root of my server:
Here is my project structure:
I've checked if mod_rewrite is enabled in the http.config file and also changed the AllowOverride to all like it is below:
<Directory />
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
Thanks for your help
I'm trying to rewrite my URL's from this, country.php?country=Italy to this country/Italy
I believe you meant it the other way around, at least this is what your Code tells me. So if someone enter example.com/country/italy you want that the internally the this /country.php?country=italy is called but the user should not see it.
So in this case you need:
RewriteEngine on
RewriteRule ^/?country/([^/]+)/?$ /country.php?country=$1 [NC,L]
But if you mean it the other way around so that the URL in the browser is example.com/country.php?country=Italy but this should internally go to example.com/country/Italy than you need the following:
RewriteEngine on
RewriteCond %{QUERY_STRING} ^(.*&)?country=([^&]*)(&.*)?$
RewriteRule ^/country\.php$ /country/%2 [NC,L]
With this we have some small problems because if example.com/country/Italy is the real folder and someone enter example.com/country.php?country=italy that we will not find the folder with the name italy and we get a 404 error.
In your original Code you also used the [R] Flag (that means redirect), for exapmle if a user enters example.com/country.php?country=italy that the URL in the browser will change to example.com/country/italy
than you should do this:
RewriteEngine on
RewriteCond %{QUERY_STRING} ^(.*&)?country=([^&]*)(&.*)?$
RewriteRule ^/country\.php?$ /country/%2 [NC,R=301]
Now we do a 301 redirect.
I want to redirect www.example.com/type/name to www.example.com/type.php?user=name
{
RewriteRule ^([a-zA-Z0-9_-]+)/type$ type.php?key=$1
RewriteRule ^([a-zA-Z0-9_-]+)/type/$ type.php?key=$1
}
Please help me about this.
Try adding this to the .htaccess file in your web document root folder (often public_html or htdocs):
Options +FollowSymLinks -MultiViews
RewriteEngine On
RewriteRule ^type/([^/]+)/? type.php?key=$1 [L]
This assumes that mod_rewrite is both installed and activated for .htaccess files. If you are not sure, to check if mod_rewrite is even installed, look at the list of installed modules in the output of phpinfo(); By default, mod_rewrite is not enabled for .htaccess files. If you are managing your own server, open httpd.conf and make sure that the webroot directory block contains one of these lines: AllowOverride FileInfo or AllowOverride All
try this , hope it helps :
RewriteBase /www.example.com
RewriteEngine On
RewriteRule ^type/(.*)/$ /type.php?user=$1
#OR
RewriteRule ^(.*)/(.*)/$ /$1.php?user=$2
PS : The first one works only for the url : www.example.com/type/value ,the second one works for any page in your site ex: www.example.com/anypage/value
I'm using the rule below in .htaccess to block bots that hammer my site for the listed .php files, i.e. mydomain.com/join.php:
<FilesMatch "(signup|register|join|timthumb)\.php$">
order allow,deny
deny from all
</FilesMatch>
But how can I also protect the same file names in folders in the tree, i.e. mydomain.com/otherdirectory/join.php?
Those file names in other directories are hit less often than root, but I'd still like throw an forbidden error rather than the site 404 page.
I tried, and since I'm on a shared server, I can't use the <Directory> directive.
You may try this in the .htaccess file in root directory:
Options +FollowSymlinks -MultiViews
RewriteEngine On
# Files to protect in next line
RewriteCond %{REQUEST_URI} (join|file1|file2)\.php [NC]
RewriteRule .+ - [F,NS,L]
I'm trying to use rewrite url rules using a .htaccess file. This seems to work fine in my main .htaccess file (only works for php pages which exist in same directory), but when I want to use another .htaccess for php file inside a subdirectory the rules don't apply at all and I get a 404 error page.
The file I want to point to is /news/story.php. story.php requests an integer variable called 'article' to fetch the article from database and display it.
So basically what I want to do is replace http://www.mydomain.com/news/story.php?article=1
with http://www.mydomain.com/news/story/article/1/
I'm using the following rules in the .htaccess file which is inside the 'news' directory.
# For security reasons, Option followsymlinks cannot be overridden.
#Options +FollowSymLinks
Options +SymLinksIfOwnerMatch
RewriteEngine on
RewriteRule story/article/(.*)/ story.php?article=$1
RewriteRule story/article/(.*) story.php?article=$1
Thanks for your help
RewriteRule story/article/(.*)/ news/story.php?article=$1
RewriteRule story/article/(.*) news/story.php?article=$1