My situation:
We have a mobile version of our website, and want to start redirecting mobile users to it. The plan is to do this in Apache httpd.conf or .htaccess, using something like this:
RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} (iPhone|Blackberry|...)
RewriteRule (.*) mobile/$1
However we want there to be a way for users to override our default action of redirecting them. One way we thought to do it was to show a link on the mobile site directing back to the regular site, and store a cookie when they use that link.
Could the Apache configuration file check a cookie before redirecting?
Is there a better way?
The HTTP_COOKIE server variable contains the cookies passed from the client to the server. You can look in there to find out what cookies have been generated by a script or module.
Related
I have already installed ssl certificate on my opencart site but some pages are working fine with https but category pages not working with https. Do I need to change all url in database also? In the config file, I already set https.
Some of these may not apply to your particular installation but in the interest of creating a comprehensive answer, I've tried to cover all the bases here:
Note: you might need to adjust the table names depending on your store's table prefix if they don't begin with oc_
Open config.php and admin/config.php and change all those constant url declarations to https - make sure to include HTTP_SERVER and HTTP_CATALOG
In your admin panel go to system > settings, click edit and in the server table set Use SSL: to Yes.
In your database update the store_url column in the oc_order table so that all links are https. This is important because updating orders can fail if the api attempts to access http version of your site. you can use this query: UPDATE oc_order SET store_url = REPLACE(store_url, 'http:', 'https:')
If you have any hard coded images and links in your description tables you should replace those as well. SSL will still work but will show the warning flag in the browser bar. This includes oc_product_description, oc_category_description, and any other tables where you might have created html content.
Same as above for your theme files. It's fairly common to find hard coded http:// links and images in footer.tpl and header.tpl for starters. You can simply browser your site to see if any of the pages are not showing the green lock icon in the browser and take it from there.
Another culprit breaking https can be third party extensions which can exist both as files and in OC2 as ocmods in the oc_modification table.
Finally, create a redirect in .httaccess to gracefully let traffic know that your pages can now be found on https. I've excluded robots.txt and any connections for the openbay routes because, based on experience, when I tried to redirect ebay webhooks it broke things and they seem to be http only by default. I suspect this may be a shortcoming in how openbay handles those requests, or possibly a configuration issue but I was unable to find a workaround that didn't break openbay so for now I'd recommend leaving those requests untouched. I am using this in .htaccess:
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} !/robots\.txt$
RewriteCond %{QUERY_STRING} !^route=ebay/openbay/*
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
That should do it!
I have a page at example.com/themizer.php, but I want it to appear that it's actually located at example.com/themizer/ (or example.com/themizer/index.php) for all practical purposes. I know how to basically make an alias for it with mod_rewrite, but how do I make it appear that users are being redirected to that alias? Example: a user requests example.com/themizer.php and the address in their browser turns into example.com/themizer/ without actually redirecting. Is this possible?
With server-sided configuration, you can only accomplish this with a redirect. This does not necessarily need to be a problem. Just make sure that the urls on your site point to the fancy url and not to the internal url. Otherwise you generate a lot of requests that have to be redirected, instead of just redirecting the odd request that came in in an other way (e.g. through an external old url or old bookmark). You do it like this:
#External redirect
RewriteCond %{THE_REQUEST} ^GET\ /themizer\.php\ HTTP
RewriteRule ^themizer\.php$ /themizer/ [R,L]
#Internal rewrite
RewriteRule ^themizer/?$ themizer.php [L]
If you really must, you can use javascript to 'push' a new window state into the history, updating the address bar. This causes the "go to previous page" button in your browser to contain bogus though. In other words: Going to the previous page does not work as expected, which I would not recommend since there is a better option available. You can do it with the following javascript statement in browsers that support it:
window.history.pushState( null, document.title, "/themizer" );
here is the situation and I need a little help with it:
I have a domain xxxxx.com and a sub-domain upload.xxxxx.com both lead to directory /www/xxxxx.com/, but I am using the 2nd domain for file uploading since I am using Cloudflare's services and with the 2nd domain there are no performance optimization and troubles with the upload (I've created cookies that are valid for both domains).
But my point is because I am using only 1 file for that 2nd domain and it upload.xxxxx.com/upload.php the same file exist under xxxxx.com/upload.php - I am not really good in .htaccess, so how can I make the only page that could be opened from this subdomain to be upload.php and all other to redirect to the main domain ?
You can use this rule as first rule in your DOCUMENT_ROOT/.htaccess file:
RewriteEngine On
RewriteCond %{HTTP_HOST} !^upload\. [NC]
RewriteRule ^upload\.php$ /? [NC,L,R]
What I did in the end I think it's good for the users who are interested to know:
I added a cross domain support for the cookies and added additional domain, upload.*
I left the upload.* domain only on redirect rules via Cloudflare (no optimization)
Redirected the uploading form to the upload.xxxxx.com/upload.php
Made the cookie cross domain based on login so when you login on the main site you're logged in on the upload.* one too.
When you submit the form it uploads really fast via upload.* and redirects back to the preview page on the original domain.
It handles the errors via cookies from the upload.* to the normal domain
Hope this helps :)
Is is possible to secure a directory on Apache with a custom form? I have a directory full of static HTML files, it is basically a full static site. I want to secure this site with a password.
I know I can use .htaccess but I would much rather have a custom form/database to secure the site. I know how to code in PHP well enough to create the form, database and do the authentication. What I don't know is how to tell Apache to redirect to that form if the user is not authenticated.
UPDATE: I would be fine using other authentication modules. I'm looking for a system similar to IIS Forms authentication. If the user is not logged in, visiting any file in the directory will redirect to a login form. Once logged in they can view any of the files in the directory.
Pseudocode follows:
if user authenticated:
read a file and output into browser (or return 404)
else:
show the form
end
The following .htaccess will rewrite every request to .html files into index.php:
RewriteEngine on
RewriteCond %{REQUEST_URI} \.html$
RewriteRule \.html$ /index.php [QSA,L]
You'll find the requested .html filename in $_SERVER['REDIRECT_URL'].
(Most of known PHP frameworks uses this or similar approach. There isn't anything fancy in this.)
May be a noob question but I'm just starting playing around with apache and have not found a precise answer yet.
I am setting up a web app using url-rewriting massively, to show nice urls like [mywebsite.com/product/x] instead of [mywebsite.com/app/controllers/product.php?id=x].
However, I can still access the required page by typing the url [mywebsite.com/app/controllers/product.php?id=x]. I'd like to make it not possible, ie. redirect people to an error page if they do so, and allow them to access this page with the "rewritten" syntax only.
What would be the easiest way to do that? And do you think it is a necessary measure to secure an app?
In your PHP file, examine the $_SERVER['REQUEST_URI'] and ensure it is being accessed the way you want it to be.
There is no reason why this should be a security issue.
RewriteCond %{REDIRECT_URL} ! ^/app/controllers/product.php$
RewriteRule ^app/controllers/product.php$ /product/x [R,L]
RewriteRule ^product/(.*)$ /app/controllers/product.php?id=$1 [L]
The first rule will redirect any request to /app/controllers/product.php with no REDIRECT_URL variable set to the clean url. The Rewrite (last rule) will set this variable when calling the real page and won't be redirected.