I have copied the htaccess file from my other sites (that all work, and are on the same server) and have only changed URLs that need changing (ie when redirecting from non-www to www), but it simply does not work.
My changing of, for example, /index.php to /index fails, but /example.html does work at /example, which makes me think it's an issue with PHP or htaccess acting with PHP?
I've asked several friends of mine to have a look at it and they cannot understand why it's happening.
My .htaccess file is:
RewriteEngine On
RewriteCond %{HTTP_HOST} ^www.example.com [NC]
RewriteRule ^(.*)$ https://example.com/$1 [L,R=301]
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME}\.php -f
RewriteRule ^(.*)$ $1.php [NC,L]
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME}\.html -f
RewriteRule ^(.*)$ $1.html [NC,L]
And my VirtualHost is:
<VirtualHost *:443>
ServerName example.com
ServerAlias localhost
DocumentRoot "/var/www/example.com/public_html"
<Directory "/var/www/example.com/public_html">
Options +Includes +FollowSymLinks +MultiViews
AllowOverride All
Require all granted
</Directory>
SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
<VirtualHost *:80>
ServerName example.com
ServerAlias localhost
DocumentRoot "/var/www/example.com/public_html"
<Directory "/var/www/example.com/public_html">
Options +Includes +FollowSymLinks +MultiViews
AllowOverride All
Require all granted
</Directory>
RewriteEngine on
RewriteCond %{SERVER_NAME} =example.com [OR]
RewriteCond %{SERVER_NAME} =localhost
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
<VirtualHost *:443>
ServerName www.example.com
ServerAlias localhost
DocumentRoot "/var/www/example.com/public_html"
<Directory "/var/www/example.com/public_html">
Options +Indexes +Includes +FollowSymLinks +MultiViews
AllowOverride All
Require all granted
</Directory>
SSLCertificateFile /etc/letsencrypt/live/www.example.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/www.example.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>
<VirtualHost *:80>
ServerName www.example.com
ServerAlias localhost
DocumentRoot "/var/www/example.com/public_html"
<Directory "/var/www/example.com/public_html">
Options +Indexes +Includes +FollowSymLinks +MultiViews
AllowOverride All
Require all granted
</Directory>
RewriteEngine on
RewriteCond %{SERVER_NAME} =www.example.com [OR]
RewriteCond %{SERVER_NAME} =localhost
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
(I've replaced the domain with example.com -- they're not like that in htaccess or the vhost.)
.htaccess is certainly not disabled, if I make a redirect it works just fine, for example:
Redirect 301 /test https://example.com/test
and...
root#server:~# a2enmod rewrite
Module rewrite already enabled
I've never experience any similar issues with my web-server before, and I'm really puzzled as to why the issue is occurring.
You don't actually state what is happening (errors? response codes? etc.), however, there are a few issues with your config with respect to extensionless URLs.
Options +Indexes +Includes +FollowSymLinks +MultiViews
You are explicitly enabling MultiViews in your server config, however, this is going to conflict with the mod_rewrite directives in .htaccess that attempt to append the file extension. MultiViews needs to be disabled. eg. -MultiViews (not +).
However, you are also enabling directory indexes (Indexes) and server-side-includes (Includes) for some reason? Is this intentional? And, rather confusingly, you are setting different options for your www subdomain than for the domain apex?
In the vHost container it is often preferable to state just the options needed. For example:
Options FollowSymLinks
(This naturally disables MultiViews by not setting it.)
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME}\.php -f
RewriteRule ^(.*)$ $1.php [NC,L]
These mod_rewrite directives in .htaccess to append the file extension are not strictly correct. Whilst they may work for your "valid" URLs, a malicious user could construct a URL of the form /index/<anything> that would otherwise map to /index.php, to trigger a rewrite-loop (500 Internal Server Error)*1.
These should be written like this instead (assuming your .htaccess file is in the document root) to avoid this vulnerability:
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{DOCUMENT_ROOT}/$1.php -f
RewriteRule (.*) $1.php [L]
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{DOCUMENT_ROOT}/$1.html -f
RewriteRule (.*) $1.html [L]
The literal dot does not need to be escaped in the TestString (first argument to the RewriteCond directive) since this is a "string", not a regex. The NC flag is not required here.
If your URLs themselves don't contain "file extensions" then you can optimise the above by not testing URLs that already look like they have a file extension. For example:
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{DOCUMENT_ROOT}%{REQUEST_URI}.php -f
RewriteRule !\.\w{2,4}$ %{REQUEST_URI}.php [L]
The negated regex !\.\w{2,4}$ only matches URLs that don't contain - what looks like - file extensions. A file extension in this context is a sequence of 2 to 4 letters/digits at the end of the URL-path, preceded by a dot.
*1 See my answer to the following ServerFault question that goes into more detail regarding the potential rewrite-loop and resulting 500 error response:
https://serverfault.com/questions/989333/using-apache-rewrite-rules-in-htaccess-to-remove-html-causing-a-500-error
Related
Hey,
I am trying to make my url a bit prettier with apache mod_rewrite.
html (root)
css
js
layout
sites (folder)
profil.php
work.php
index.php
At the moment my url looks like this:
https://example.com/sites/profil.php
https://example.com/sites/work.php
And I want that it looks like this:
https://example.com/profil
https://example.com/work
How can I can I overwrite the "sites folder" so, there is none and is it possible to remove the .php extension?
Thats how my apache config looks like:
<VirtualHost example.com>
DocumentRoot /var/www/example.com/html
ServerName example.com
ServerAlias www.example.com
<Directory "/var/www/example.com/html">
allow from all
Options None
Require all granted
</Directory>
RewriteEngine on
RewriteCond %{SERVER_NAME} =example.com [OR]
RewriteCond %{SERVER_NAME} =www.example.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
Do I need to edit my links after that change in my files?
Here are your mod rewrite rules
# Rewrite --- https://example.com/sites/profil.php => https://example.com/profil
RewriteRule ^profil$ sites/profil\.php [NC,L]
# Rewrite --- https://example.com/sites/work.php => https://example.com/work
RewriteRule ^work$ sites/work\.php [NC,L]
enter this into your .htaccess in the right location and give it a try.
<VirtualHost example.com>
DocumentRoot /var/www/example.com/html
ServerName example.com
ServerAlias www.example.com
<Directory "/var/www/example.com/html">
allow from all
Options None
Require all granted
</Directory>
RewriteEngine on
RewriteCond %{SERVER_NAME} =example.com [OR]
RewriteCond %{SERVER_NAME} =www.example.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
RewriteRule ^sites/profil\.php$ /profil?&%{QUERY_STRING}
RewriteRule ^sites/work\.php$ /work?&%{QUERY_STRING}
</VirtualHost>
Sorry if asked before, i tried googling it, but without succes.
Anyway, i use some devices that send a POST to a website, which does something with it and returns something. However, when i set the device to go to www.url.com/notexistingfolder, it redirects to the https site and gives a 302 to the device, which it can not handle.
Problem is, all other traffic(users going to the website) must be redirected to that HTTPS site.
How can i set it so that all posts that are not going to the root get a 404?
The devices can't handle HTTPS, so unfortunatly, using errorDocument 404 /var/www/url/somefile.php doesn't work.
Part of my apache config:
<VirtualHost *:80>
ServerAdmin server-admin#url.nl
ServerName url.eu
ServerAlias url.eu *.url.eu
ErrorDocument 404 https://url.eu/
DocumentRoot /var/www/url/
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
<Directory />
Options FollowSymLinks
AllowOverride All
</Directory>
<Directory /var/www/url/>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
Allow from all
RewriteEngine on
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} ^/$
RewriteRule ^$ - [L]
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} !^/soap/? [NC]
RewriteCond %{REQUEST_URI} !^/wiki/? [NC]
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
</Directory>
Alias /wiki/ "/var/www/wiki/"
<Directory /var/www/wiki/>
#php_admin_value mbstring.func_overload 0
AllowOverride All
RewriteEngine on
RewriteCond %{HTTPS} off
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [R,L]
</Directory>
From Marco's edit to his own question.
EDIT: Never mind, I think I found a solution to give a 404 for anything going to a path:
RewriteCond %{REQUEST_URI} ^/*
RewriteRule ^ - [L,R=404]
RewriteCond %{REQUEST_URI} ^/*
RewriteRule ^ - [L,R=404]
Might work, will be tested after the weekend due to vacation and the testserver not being ready yet.
I set up a local Laravel server for developement and push changes through Git to my production server.
I made a new Laravel project that i pused ok. Then i added php artisan make:auth on my local server and pushed to production but get 404 cant find login (or register). After some work I found out that:
www.mySite.com/login
can not be found but if I write
www.mySite.com/index.php/login it works.
So now I think I have to modify my htaccess to ignore the index.php but I cant get it to work. I tried some suggestions but none seems to work and I don't have a clue why it is not working.
<IfModule mod_rewrite.c>
<IfModule mod_negotiation.c>
Options -MultiViews
</IfModule>
RewriteEngine On
RewriteBase Test/public/
* RewriteCond %{THE_REQUEST} /index\.php [NC]
* RewriteRule ^(.*?)index\.php$ /$1 [L,R=302, NC, NE]
# Redirect Trailing Slashes If Not A Folder...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} (.+)/$
RewriteRule ^(.*)/$ /$1 [L,R=301]
RewriteRule ^ %1 [L,R=301]
# Handle Front Controller...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]
# Handle Authorization Header
RewriteCond %{HTTP:Authorization} .
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
</IfModule>
The two lines marked with * I tried to add after reading a suggestion here on Stack Overflow (cant find the link now). I also tried
htaccess remove index.php from url
this suggestion.
Any ideas? Thanks.
Edit:
My sites-enabled/000-default.conf looks like this:
<VirtualHost *:80>
ServerAdmin webmaster#localhost
DocumentRoot /var/www/html/Test/public
<Directory /var/www/html/Test/public>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Require all granted
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
RewriteEngine on
RewriteCond %{SERVER_NAME} =nfoscan.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
and my 000-default-le-ssl.conf Looks like this:
<IfModule mod_ssl.c>
<VirtualHost *:443>
# The ServerName directive sets the request scheme, hostname and port that
ServerAdmin webmaster#localhost
DocumentRoot /var/www/html/Test/public
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLCertificateFile /etc/letsencrypt/live/mysite.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/mysite.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
ServerName mysite.com
</VirtualHost>
</IfModule>
I removed the comments in configs..
I tried to add
<Directory /var/www/html/Test/public>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Require all granted
</Directory>
to my 000-default-le-ssl.conf but it resulted in internal server error..
First check if your apache has enabled mod_rewrite you can do it easily by
typing
apache2 -M
or even simpler:
a2enmod rewrite
if you had enabled it already you will receive message:
"Module rewrite already enabled"
If you haven't then you will receive message:
"Enabling module rewrite". You will have to restart apache.
Check if you have in you htaccess line (AllowOverride All)
<Directory /var/www/html/project/>
Options FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>
Ok so I fixed it. There was some problem in my .htaccess file. I started with removing the .htaccess file in /Test/public and then I didnt get internal server error when messing with in 000-Default-le-ssl.conf file anymore. Then I just copied in another .htaccess file in the directory and it all worked as it should :O
Thanks to all who tried to help me!
<IfModule mod_rewrite.c>
<IfModule mod_negotiation.c>
Options -MultiViews
</IfModule>
RewriteEngine On
# Redirect Trailing Slashes If Not A Folder...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} (.+)/$
RewriteRule ^ %1 [L,R=301]
# Handle Front Controller...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]
# Handle Authorization Header
RewriteCond %{HTTP:Authorization} .
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
</IfModule>
Posting the working .htaccess file if anyone ever have this problem again :)
I have Apache 2.4 running on Windows Server 2012 with PHP 5.6.23 on port 8080.
Assume that the domain to my server is "serv1.example.com" I need to run 3 Laravel instances production,staging and dev using the following links
serv1.example.com:8080/production
serv1.example.com:8080/staging
serv1.example.com:8080/dev
I found another SO question which seems to be doing the same thing. But when I tried to do the same thing I get the following error
Forbidden
You don't have permission to access /dev on this server.
Here is what I have done so far. In my httpd-vhosts.conf file I added the following VirtualHost
<VirtualHost *:8080>
ErrorLog "logs/dev-error.log"
CustomLog "logs/dev-access.log" common
DocumentRoot "C:\www\dev\public"
ServerName serv1.example.com
ServerAlias /dev
<Directory "C:\www\dev">
Options Indexes Includes FollowSymLinks MultiViews
AllowOverride AuthConfig FileInfo Indexes
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
Then I changed c:\www\dev\public\.htaccess the code to the following
<IfModule mod_rewrite.c>
#Options -MultiViews
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ /dev/index.php/?$1 [L]
</IfModule>
What did I do wrong here? how can I access each instance using the same domain?
Try This one, in your Apache configure file /etc/apache2/sites-available
<VirtualHost *:8080>
ServerName serv1.example.com
ServerAlias serv1.example.com
DocumentRoot "C:/www/dev/public"
# Rewrites for pretty URLs, better not to rely on .htaccess.
<Directory "C:/www/dev/public">
Options All
AllowOverride All
Require all granted
<IfModule mod_rewrite.c>
Options -MultiViews
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]
</IfModule>
</Directory>
# Log file locations
LogLevel warn
ErrorLog "logs/dev-error.log"
CustomLog "logs/dev-access.log" common
And in your c:\www\dev\public\.htaccess
<IfModule mod_rewrite.c>
<IfModule mod_negotiation.c>
Options -MultiViews
</IfModule>
RewriteEngine On
# Redirect Trailing Slashes...
RewriteRule ^(.*)/$ /$1 [L,R=301]
# Handle Front Controller...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]
I hope this would work. for more information follow these links.Multiple laravelsites on single apache server , multiple web sites in single laravel installation
This project is on yii 1.1. I setup the project under htdocs folder. It redirects too many times. I also setup a virtual host for it.
<VirtualHost *:80>
DocumentRoot "C:/xampp/htdocs/message_board"
ServerName message_board.dev
ServerAlias www.message_board.dev
<Directory "c:/xampp/htdocs/message_board">
Options Indexes FollowSymLinks
Order allow,deny
Allow from all
</Directory>
Here is the .htaccess code
Options +FollowSymLinks
RewriteEngine on
# if a directory or a file exists, use it directly
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
# if request is not for the /sts/
RewriteCond %{REQUEST_URI} !^/sts/ [NC]
# otherwise forward it to index.php
RewriteRule . index.php
Try to make below changes.
Changes into virtual host file:
<Directory "c:/xampp/htdocs/message_board">
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>
.htaccess changes:
Options -Multiviews
Options +FollowSymLinks
RewriteEngine on
RewriteBase /
# if a directory or a file exists, use it directly
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
# otherwise forward it to index.php
RewriteRule . index.php