How do I ignore a directory in mod_rewrite? - apache

I'm trying to have the modrewrite rules skip the directory vip. I've tried a number of things as you can see below, but to no avail.
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
#RewriteRule ^vip$ - [PT]
RewriteRule ^vip/.$ - [PT]
#RewriteCond %{REQUEST_URI} !/vip
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
How do I get modrewrite to entirely ignore the /vip/ directory so that all requests pass directly to the folder?
Update:
As points of clarity:
It's hosted on Dreamhost
The folders are within a wordpress directory
the /vip/ folder contains a webdav .htaccess etc (though I dont think this is important

Try putting this before any other rules.
RewriteRule ^vip - [L,NC]
It will match any URI beginning vip.
The - means do nothing.
The L means this should be last rule; ignore everything following.
The NC means no-case (so "VIP" is also matched).
Note that it matches anything beginning vip. The expression ^vip$ would match vip but not vip/ or vip/index.html. The $ may have been your downfall. If you really want to do it right, you might want to go with ^vip(/|$) so you don't match vip-page.html

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
This says if it's an existing file or a directory don't touch it. You should be able to access site.com/vip and no rewrite rule should take place.

The code you are adding, and all answers that are providing Rewrite rules/conditions are useless! The default WordPress code already does everything that you should need it to:
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
Those lines say "if it's NOT an existing file (-f) or directory (-d), pass it along to WordPress. Adding additional rules, not matter how specific or good they are, is redundant--you should already be covered by the WordPress rules!
So why aren't they working???
The .htaccess in the vip directory is throwing an error. The exact same thing happens if you password protect a directory.
Here is the solution:
ErrorDocument 401 /err.txt
ErrorDocument 403 /err.txt
Insert those lines before the WordPress code, and then create /err.txt. This way, when it comes upon your WebDAV (or password protected directory) and fails, it will go to that file, and get caught by the existing default WordPress condition (RewriteCond %{REQUEST_FILENAME} !-f).

In summary, the final solution is:
ErrorDocument 401 /misc/myerror.html
ErrorDocument 403 /misc/myerror.html
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
I posted more about the cause of this problem in my specific situation, involving Wordpress and WebDAV on Dreamhost, which I expect many others to be having on my site.

You mentioned you already have a .htaccess file in the directory you want to ignore - you can use
RewriteEngine off
In that .htaccess to stop use of mod_rewrite (not sure if you're using mod_rewrite in that folder, if you are then that won't help since you can't turn it off).

Try replacing this part of your code:
RewriteRule ^vip/.$ - [PT]
...with the following:
RewriteCond %{REQUEST_URI} !(vip) [NC]
That should fix things up.

RewriteCond %{REQUEST_URI} !^pilot/
is the way to do that.

In my case, the answer by brentonstrine (and I see matdumsa also had the same idea) was the right one... I wanted to up-vote their answers, but being new here, I have no "reputation", so I have to write a full answer, in order to emphasize what I think is the real key here.
Several of these answers would successfully stop the WordPress index.php from being used ... but in many cases, the reason for doing this is that there is a real directory with real pages in it that you want to display directly, and the
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
lines already take care of that, so most of those solutions are a distraction in a case like mine.
The key was brentonstrine's insight that the error was a secondary effect, caused by the password-protection inside the directory I was trying to display directly. By putting in the
ErrorDocument 401 /err.txt
ErrorDocument 403 /err.txt
lines and creating error pages (I actually created err401.html and err403.html and made more informative error messages) I stopped the 404 response being generated when it couldn't find any page to display for 401 Authentication Required, and then the folder worked as expected... showing an apache login dialog, then the contents of the folder, or on failure, my error 401 page.

I’ve had the same issue using wordpress and found that the issue is linked with not having proper handler for 401 and 403 errors..
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
These conditions are already supposed not to rewrite the url of existing folders but they don’t do their job for password protected folders. In my case, adding the following two lines to my root .htaccess fixed the problem:
ErrorDocument 401 /misc/myerror.html
ErrorDocument 403 /misc/myerror.html
Of course you need to create the /misc/myerror.html,

This works ...
RewriteRule ^vip - [L,NC]
But ensure it is the first rule after
RewriteEngine on
i.e.
ErrorDocument 404 /page-not-found.html
RewriteEngine on
RewriteRule ^vip - [L,NC]
AddType application/x-httpd-php .html .htm
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
etc

I'm not sure if I understand your objective, but the following might do what you're after?
RewriteRule ^/vip/(.*)$ /$1?%{QUERY_STRING} [L]
This will cause a URL such as http://www.example.com/vip/fred.html to be rewritten without the /vip.

Related

mod_rewrite - Removing index.php from URL (in subfolder)

I'm trying to get an API working (locally, for now), which lives in a subfolder. I've been trying every example I can find, but all are ending up in 404 errors.
I have this URL:
http://127.0.0.1/~owner/personal/api/v1/index.php/tasks
I want to be able to use this:
http://127.0.0.1/~owner/personal/api/v1/tasks
Eventually, it will become this:
http://api.mydomain.com/tasks
I just can't seem to get my .htaccess rules setup correctly. This keeps getting suggested, but does nothing:
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ /index.php/$1 [L]
What am I missing?
Update
I have setup my virtual hosts to use http://api.local/ instead of the previously used addresses.
Accessing http://api.local/index.php/tasks works.
Accessing http://api.local/tasks does not.
Maybe part of your problem is your development environment. You are using a local server to do this on with several subfolders deep and I think it's messing with your .htaccess depending on the location.
If your .htaccess is in the root of your website http://127.0.0.1/.htaccess then it's not going to work properly.
Make sure it's in the same directory as your index.php file and make sure /~owner/personal/api/v1/ is your document root for your dev environment as specified in your apache config file.
Then you can test out your htaccess rules and see how they work. Your current rule should be ok providing /tasks won't be a real directory in the root.
On another note,
I always suggest using your real domain name so you could see how it works as if it were in production. You can do that by modifying your HOST file on your PC and the site will only available to you and you can access via yoursite.com. This quick easy guide will show you.
Try specifying the rewrite base.
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ /index.php/$1 [L]
You are using the parameters of RewriteRule backwards. You need this:
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^/?(.*?)/index.php(.+)?$ /$1$2
This means:
if it's not a file
and it's not a directory
and it looks like / (optional), possibly some more characters, then /index.php, then possibly some more characters, go to the URL without the /index.php part.
Note that I deleted the [L] for now -- it means "if the URL matches this rule, don't apply any more rules." You say you want to keep transforming it into http://api.mydomain.com/tasks, so you shouldn't use [L].

why doesn't this .htacess file prevent users from accessing content I want secured?

I am trying to accomplish several things with this .htacess file, but cannot seem to
get it to serve the rewrites I need, while preventing unathorized access to files I want
hidden. My goal is to allow any file located in /sections/section_name/webroot/ to be accessed through /section_name/. So, /admin/images/kittens/cat.jpg would serve up /sections/admin/webroot/images/kittens/cat.jpg if it existed. I want to be able to have multiple sections. If a section is not specified, but the file exists in /sections/default/webroot, then I'd like for that to be served. Any other request should
go to /dispatcher.php. I thought I had this working, until I requested a configuration
file in /config and was able to see it. Then I realized I could basically view any file
if I knew that path.
How can I fix this security issue while still keeping the rewrites working?
Here is my .htacess file:
Options +FollowSymlinks -MultiViews -Indexes
RewriteEngine On
# If a file is requested in the admin webroot, and it exists, allow it to pass through
RewriteCond %{SCRIPT_FILENAME} !-f
RewriteRule ^admin(/.*)$ sections/admin/webroot/$1 [L,QSA]
# if the requested url begins with /customers and it is located in /sections/customers/webroot
RewriteCond %{SCRIPT_FILENAME} !-f
RewriteRule ^customers(/.*)$ sections/customers/webroot/$1 [L,QSA]
# if the requested url begins with /resellers and it is located in /sections/resellers/webroot
RewriteCond %{SCRIPT_FILENAME} !-f
RewriteRule ^resellers(/.*)$ sections/resellers/webroot/$1 [L,QSA]
# if the requested file does not begin with /admin, /customers, or /resellers, and is in /sections/default/webroot, then serve it
RewriteCond %{DOCUMENT_ROOT}/sections/default/webroot/$1 -f
RewriteRule ^(.*)$ sections/default/webroot/$1 [QSA,L,NC]
# Send everything else to the dispatcher
RewriteCond %{SCRIPT_FILENAME} !-f
RewriteRule ^(.*)$ dispatcher.php [QSA,L]
I know this isn't quite a solution, but have you tried cutting it all the way down and then adding the rules back one by one, testing each one along the way? For starters, if you can get files in /config that you're not supposed to, I'd try cutting everything except the final rule (which is supposed to send requests in /config to dispatcher) and see if that works. If it does, keep adding things back slowly until you see which specific rule is allowing /config files to be seen. Then you know what to fix.
Adding this to the end worked. Anything that wasn't a valid file requested in one of the
webroot folders, and that wasn't a call to dispatcher.php, was redirected to dispatcher.
RewriteCond %{REQUEST_URI} !=/dispatcher.php
RewriteCond %{REQUEST_URI} !^/sections/[a-zA-Z0-9_-]+/webroot/
RewriteCond %{SCRIPT_FILENAME} -f
RewriteRule ^(.*)$ dispatcher.php [QSA,L]

Mediawiki Subdirectory Installation

Possible Duplicate: MediaWiki on SubDirectory and SubDomain (However doesn't have an answer, nor any replies offering help)
Alright, I'm trying to configure MediaWiki to be installed to a sub-directory. I previously had it installed to a primary domain on http://www.example.com/ with a mod_rewrite using a Short URL of /wiki/Main_Title.
As a note, I'm also on HostGator shared hosting which has special rules for short urls.
My directory structure is as such:
/ (site root; location of .htaccess)
/wiki/ (mediawiki root; location of LocalSettings.php)
Here's what I tried,
.htaccess:
RewriteEngine on
RewriteBase /
RewriteRule ^(.*)\&(.*)$ $1\%26$2
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^wiki/(.+)$ ./wiki/index.php?title=$1 [PT,L,QSA]
/wiki/LocalSettings.php:
## The URL base path to the directory containing the wiki;
## defaults for all runtime URL paths are based off of this.
## For more information on customizing the URLs please see:
## http://www.mediawiki.org/wiki/Manual:Short_URL
##
$wgScriptPath = "/wiki";
$wgScriptExtension = ".php";
$wgArticlePath = "$wgScriptPath/$1";
However, I do not get anything. I simply get a 403/Forbidden error; no 500 Internal Server Error, just a 403 - url http://www.example.com/. It's as if there's nothing being done. I've banged my head against the wall trying to figure this out. Any help is appreciated.
Thanks in advance!
What is the purpose of
RewriteRule ^(.*)\&(.*)$ $1\%26$2
You've lost me entirely on this one. Any URI with a second parameter will loop indefinitely and generate a 500 status return.
If you read the Rewrite documentation:
What is matched?
...If you wish to match against the ... query string, use a RewriteCond with the ... %{QUERY_STRING} variables
The & is normally part of the query parameter. It can appear in the RewriteRule pattern in the case of malformed URI (e.g. fred&q=1). By default, mod_rewrite will treat this as fred?q=1, but this converts it to the escaped %26 variant so this would be passed as a title fred&q=1 to MW (which is an invalid MW title by the way). I think that you should get rid of it or at least understand what you are trying to do here.
The last line should be
RewriteRule ^wiki/(.+) wiki/index.php?title=$1 [PT,L,QSA]
and keep the RewriteBase otherwise mod_rewrite can get confused.
This should work OK:-)
You're on the right track... if you're on a shared environment, then try this:
RewriteEngine on
# Comment to force base to be the subdir:
# RewriteBase /
RewriteRule ^(.*)\&(.*)$ $1\%26$2
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^wiki/(.+)$ ./wiki/index.php?title=$1 [PT,L,QSA]
Two hints:
If you're not in a hosted environment (= if it's your own server and you can modify the virtual hosts, not only the .htaccess files), try to use the RewriteLog directive: it helps you to track down such problems:
# Trace:
# (!) file gets big quickly, remove in prod environments:
RewriteLog "/web/logs/mywebsite.rewrite.log"
RewriteLogLevel 9
RewriteEngine On
My favorite tool to check for regexp:
http://www.quanetic.com/Regex (don't forget to choose ereg(POSIX) instead of preg(PCRE)!)
My ticket to HostGator resolved the issue, albeit un-helpfully. I was hoping for a single .htaccess solution, rather than a double .htaccess redirect/rewrite. However, here's my solution.
/:
RewriteEngine on
RewriteCond %{REQUEST_URI} ^/$
RewriteRule ^.*$ http://www.example.com/wiki/
/wiki/:
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.+)$ index.php?title=$1 [L,QSA]
I tried different solutions and what worked for me was changing .htaccess in mediawiki subfolder to
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /wikifolder/index.php [L]
</IfModule>

Having a CGI script catch all requests to a domain with Apache

Using Apache 2, I want to configure my website so that any requests to the domain are forwarded to a Python CGI script. Basically, if the user goes to http://www.example.com i want the cgi /cgi-bin/cgi.py to execute. If the user goes to http://www.example.com/index.rss I want /cgi-bin/cgi.py to be executed with /index.rss as the argument. I have tried various combinations of ScriptAlias and Rewrite and cannot seem to get them in the right relationship.
RewriteEngine On
RewriteRule ^(.*)$ /cgi-bin/cgi.py?url=$1
This will redirect ALL requests to your python file.
If you're having trouble with the script alias still, try adding the passthrough flag [PT] at the end of the RewriteRule line
If you still want to be able to access images etc then add this before the RewriteRule:
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
(not sure on the correct procedure with answering ones own question - but...)
Looks like I was having conflict with ScriptAlias and RewriteRule. In the end the solution was to use AddHandler to create a relationship then use mod_rewrite to pull everything into the CGI. And RewriteCond to avoid catching /resources/ and /media/. My VirtualHost now looks like this:
AddHandler cgi-script .cgi
RewriteEngine on
RewriteCond %{REQUEST_URI} !^/resources/.*$
RewriteCond %{REQUEST_URI} !^/media/.*$
RewriteRule ^(.*)$ /cgi-bin/pyblosxom.cgi$1 [L]
Thanks for your help guys.
While it's not 100% what you're looking for, here's the .htaccess I use for an old abandoned domain of mine to redirect people properly. It basically redirects for any file or directory not found in the local directory structure. It's up to the script itself to figure out what url it was called for:
RewriteEngine On
#if the request isn't for a file or a directory...
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . index.php
I used the capturing rewrite rule and it worked to a degree. The problem was that original query string of the request URI wasn't passed to the cgi when using $1. I ended up removing the capture and just referencing ENV['REQUEST_URI'] in my cgi script to gain access.

How would I go about creating a mod_rewrite that redirects to launch.php?i=/the/url/that/they/want?

So if the user types mydomain.com/dashboard, the document the server actually sends them is /launch.php?i=/dashboard.
The one caveat is that I would like to leave requests for
/flags
/people
/posters
/css
/icons
/images
/libraries
/patterns
alone, and they should request the actual folder.
How would I create such a mod_rewrite?
This is the .htaccess file for the CakePHP Framework.
Please replace the index.php and ?url= to fit your needs.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ index.php?url=$1 [QSA,L]
</IfModule>
The "!-d" tells Apache to follow existing folders and "!-f" to follow existing files.
Everything else is channelled through index.php
As suggested in a comment, you have to be aware that if it's not working it could be because mod_rewrite is not enabled and you'll not get an error stating that fact, you'll probably only have a HTTP 404.