This is my current htaccess
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^.*$ /ouruniversity/public/index.php [NC,L,QSA]
Which redirects me all links to my entrypint in php. Now I would like to protect all / admin / routes with htaccess password. I tried to do this
# Do the regex check against the URI here, if match, set the "require_auth" var
SetEnvIf Request_URI ^/admin/ require_auth=true
# Auth stuff
AuthUserFile /ouruniversity/.htpasswd
AuthName "Password Protected"
AuthType Basic
# Setup a deny/allow
Order Deny,Allow
# Deny from everyone
Deny from all
# except if either of these are satisfied
Satisfy any
# 1. a valid authenticated user
Require valid-user
# or 2. the "require_auth" var is NOT set
Allow from env=!require_auth
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^.*$ /ouruniversity/public/index.php [NC,L,QSA]
and the login form is correctly shown to me, only by clicking cancel or logging in with the wrong username and password, the contents are displayed anyway. How can I fix it?
Related
Route redirect to parent domain when I put / at the end of the URL
For example:
My base URL is: http://localhost/pep_digital/.
My URL is http://localhost/pep_digital/dashboard
When I put trailing slash / at the end like http://localhost/pep_digital/dashboard/
It redirects me to http://localhost
After visiting this link http://localhost/pep_digital/dashboard/test/
It redirects me to http://localhost/dashboard/test
And https://localhost/pep_digital/dashboard/test/dashboard/test/
It redirects me to https://localhost/dashboard/test/dashboard/test
It removing the 1st segment from the URL.
And the following routes I tried for all the issue is the same.
$routes->group('dashboard', function ($routes) {
// Other routes
});
or
$routes->match(['get'],'dashboard', 'Dashboard::index');
or
$routes->get('dashboard', 'Dashboard::index');
My .htaccess
# Protect .env
<Files .env>
Order Allow,Deny
Deny from all
</Files>
# Disable directory browsing
Options All -Indexes
# ----------------------------------------------------------------------
# Rewrite engine
# ----------------------------------------------------------------------
# Turning on the rewrite engine is necessary for the following rules and features.
# FollowSymLinks must be enabled for this to work.
<IfModule mod_rewrite.c>
Options +FollowSymlinks
RewriteEngine On
# If you installed CodeIgniter in a subfolder, you will need to
# change the following line to match the subfolder you need.
# http://httpd.apache.org/docs/current/mod/mod_rewrite.html#rewritebase
# RewriteBase /
# Redirect Trailing Slashes...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} (.+)/$
RewriteRule ^ %1 [L,R=301]
# Rewrite "www.example.com -> example.com"
RewriteCond %{HTTPS} !=on
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule ^ http://%1%{REQUEST_URI} [R=301,L]
# Checks to see if the user is attempting to access a valid file,
# such as an image or css document, if this isn't true it sends the
# request to the front controller, index.php
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^([\s\S]*)$ index.php/$1 [L,NC,QSA]
# Ensure Authorization header is passed along
RewriteCond %{HTTP:Authorization} .
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
</IfModule>
<IfModule !mod_rewrite.c>
# If we don't have mod_rewrite installed, all 404's
# can be sent to index.php, and everything works as normal.
ErrorDocument 404 index.php
</IfModule>
# Disable server signature start
ServerSignature Off
# Disable server signature end
Update
Well, I have updated my .htaccess to the latest updated branch, https://github.com/codeigniter4/CodeIgniter4/blob/develop/public/.htaccess
And then clear my cookies and cache and tried again and my issue got fixed.
Clearing cache is because the redirect was set to R=301.
When users go to my sub domain, I want them to be redirected to a specific file I have in my subdomain. Or, to be exact, when someone goes here
http://app.example.com/
they should be redirected to here:
http://app.example.com/dashboard/
Everything I have tried doesn't seem to be working and the examples I have found online either don't work or don't do what I need them to do.
I'm also trying to get this to work from my root directory (from public_html). This is my file structue:
/ public_html
/ .htaccess
/ index.php
/ app.example.com
/ dashboard.php
You can see my htaccess file sitting on the top level. This is where I need to keep it.
This is my current file (including my attempt at the redirect):
# --------------------------------------------------------------------------------------------------------------------------------------
# Stops people from being able to see htaccess file
<Files .htaccess>
order allow,deny
deny from all
</Files>
# --------------------------------------------------------------------------------------------------------------------------------------
# Options
Options All -Indexes +MultiViews
# --------------------------------------------------------------------------------------------------------------------------------------
# Redirect app.example.com to /dashboard
RewriteEngine On
RewriteCond %{HTTP_HOST} ^app.example.com
RewriteRule ^$ /dashboard [L,R=301]
# --------------------------------------------------------------------------------------------------------------------------------------
# Makes it so url can have slash at the end instead of .php extension
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{DOCUMENT_ROOT}/$1.php -f
RewriteRule ^(.+?)/?$ $1.php [L]
# --------------------------------------------------------------------------------------------------------------------------------------
# Adds wwww to url if it doesnt already have it
RewriteCond %{HTTP_HOST} ^example\.com [NC]
RewriteRule ^(.*)$ http://www.example.com/$1 [L,R=301,NC]
rewriting works fine until we add auth to htaccess. Is auth formatted correctly? Why would rewrite work before adding auth?
Request params at the site controller with no auth:
[id] => 433 [type] => city
Params after auth added and the user authenticated:
[site/query]
Sample query url that works without auth:
http://www.website.com/site/query?type=city&id=433
The .htaccess with basic auth at the bottom:
# any visits not coming from this official URL should be rerouted; AJAX cross-domain, www.website.com is not the same as our.company.com
RewriteEngine on
RewriteCond %{HTTP_HOST} !^www\.website\.com$ [NC]
RewriteRule ^(.*)$ http://www.website.com/$1 [R=301,L]
# route all requests that are NOT static files, through index.php to make the /nice/urls/ work
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php?$1 [L]
# disable file listings for directories
Options -Indexes
# disable the fetching of .phtm
<Files ~ "\.phtml$">
Order allow,deny
Deny from all
</Files>
# Protect hidden files from being viewed
<Files .*>
Order Deny,Allow
Deny From All
</Files>
# Protect application and system files from being viewed
RewriteRule ^(?:modules|system)\b.* index.php/$0 [L]
# Allow any files or directories that exist to be displayed directly
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
AuthType Basic
AuthName "Password required"
AuthUserFile /maps/scorp/main/.htpasswd
Require valid-user
I've got no answer to your nice questions but I hope I found a solution. :)
IMHO in your .htaccess the authorisation will take the advantage. It's a kinda tricky but you can break the priority by enclosing the "Require valid-user" directive into block <Files>. E.g.:
<Files "*.phtml">
Require valid-user
</Files>
I have searched all day for a solution to the problem I'm having and found many proposed solutions, although none of them worked. I have url rewriting set up and everything works fine except for one folder. If a folder or file exists do not rewrite it otherwise send it into index.php for handling. The one subfolder that is giving the problem is password protected. The password protected folder gets re-written into the index.php as if the subfolder is invalid. The other subfolders work fine and do not have a .htaccess in them. folder structure and .htaccess below.
Folder structure with relevant files
public_html(root)
fonts
images
js
css
email
.htaccess
index.php
.htaccess
index.php
public_html/.htaccess
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^.*$ /index.php [L]
public_html/email/.htaccess
AuthType Basic
AuthName "email"
AuthUserFile "/home/site/.htpasswds/public_html/email/passwd"
require valid-user
I tried to turn off rewrite inside of email folder to prevent the rewrite form propagating in this solution had no apparent effect.
## turn off rewrite engine
RewriteEngine off
AuthType Basic
AuthName "email"
AuthUserFile "/home/site/.htpasswds/public_html/email/passwd"
require valid-user
I also tried filtering out the folder in the root .htaccess which also seemed to be ignored as well and made no apparent difference.
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_URI} !^email
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
Any help with this would be greatly appreciated!
update 2/23/2015: 11:20am(est)
One thing I have noticed if I disable the url rewriting and authenticate for the folder then re-enable rewriting everything works as expected. It appears to only happen if you are not already authenticated.
After giving up on this for a while I looked back into this today and found the solution. Posted below. The 401 error is interpreted by apache as a 404 error and passing along to the rewrite. The solution is to add ErrorDocument 401 default before the RewriteEngine is turned on. This seems redundant telling it to use the default error message explicitly, but it does resolve the error.
ErrorDocument 401 default
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_URI} !^email [NC]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
Your filtering out email folder wasn't working because your condition isn't being matched. You almost had it. REQUEST_URI also matches the prepending / so because you didn't have it before email it was not matching. You have to include it when using REQUEST_URI in the condition. It's a real folder so you shouldn't need it but try it this way.
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_URI} !^/email [NC]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
Also clear you browser cache before trying updated rules.
I am trying to use fuelcms in my arch linux lamp server. But I cant make htaccess to work. My home folder is ytsejam/fuel_cms/..
This is my .htaccess file :
Options +FollowSymLinks
<IfModule mod_rewrite.c>
RewriteEngine On
<Files .*>
Order deny, allow
Deny From All
</Files>
# Allow asset folders through
RewriteRule ^(fuel/modules/(.+)?/assets/(.+)) - [L]
# Protect application and system files from being viewed
RewriteRule ^(fuel/install/.+|fuel/crons/.+|fuel/data_backup/.+|fuel/codeigniter/.+|fuel/modules/.+|fuel/application/.+|\.git.+) - [F,L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule .* index.php?/$0 [L]
</IfModule>
Options -Indexes
/var/log/httpd/error_logs show that
/home/ytsejam/public_html/fuel_cms/.htaccess: order takes one argument, 'allow,deny', 'deny,allow', or 'mutual-failure'
can anyone help me ?
You have just inserted additional space after the comma
"deny, allow" must be "deny,allow"