I have a wordpress site with the following .htaccess file:
# BEGIN WordPress
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
# END WordPress
However, it will show 200 OK response (with showing the "Media Library" page in wordpress) with the following url:
http://localhost/wp-admin/upload.php/user-new.php/66868
It's intepreting upload.php file which exist, but the ideal response should be 404 where /user-new.php/66868 does not exist
Any idea on this ?
This is the effect of the “path info” feature.
Apache realizes that /wp-admin/upload.php exists as a physical file, so it serves up that, and passes the rest of the requested URL on in the PATH_INFO environment variable.
AcceptPathInfo is the name of the directive you can use to turn this off.
Related
I have Wordpress site set up on the route of my ftp server, I am trying to add PressKit() to my site in the directory /Press . This uses an index.php file to display the html, however wordpress seems to show a 404 error when trying to access it. I have tried adding a .htaccess to the subdirectory, but with no luck.
I'm wondering how to prevent the 404 error from displaying? As I am certain the page is there, as a few times when I use the full url (including index.php) it will open, but only on my machine.
Apologies if this is simple, web dev isn't really my field.
Cheers.
Edit: Works now, but case sensitive
# BEGIN WordPress
RewriteEngine On
RewriteBase /
RewriteRule ^index.php$ - [L]
# Include in the next line all folders to exclude
RewriteCond %{REQUEST_URI} !(Press) [NC]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
# END WordPress
Open the .htaccess file, in the root of your WordPress installation (not the sub-folder), and look for the #BEGIN WORDPRESS block. You can replace it with this
# BEGIN WordPress
RewriteEngine On
RewriteBase /
RewriteRule ^index.php$ - [L]
# Include in the next line all folders to exclude
RewriteCond %{REQUEST_URI} !(Press|folder2) [NC]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
# END WordPress
You can add more folders for WordPress to ignore, using the pipe | where you currently see the words Press|folder2. You may also remove the "folder2" reference, that's just an example
I've taken over a former site/domain, and set up a new site using Wordpress. The WP installation rewrites URL's to static ones, as you'd expect it to.
At the same time I want to preserve the former pages, as they have incoming links. I'm not interested in 301'ing them to "new" pages.
The old URL structure is /index.php?id=123, which I suspect is causing the problem with the WP .htaccess file. For reference, this is what it looks like:
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
I've tried adding the following:
RewriteRule ^([0-9]+).html index.php?id=$1 [R,L]
Doesn't work. Just redirects to site.com/?id=123 and shows the front page.
I should add that I plan on just adding these new pages as regular static HTML files in the format of 123.html, 321.html etc.
How do I use .htaccess to make this work together with the WP installation and what WP puts into the .htaccess file?
To clarify:
I want to have my 123.html static HTML page be index.php?id=123. When you access index.php?id=123 it should bring up 123.html, but show index.php?id=123 in the address bar. If you access 123.html it should 301 to index.php?id=123.
To map an URL with a querystring up to an actual file you'll need to use a RewriteCond to match the querystring itself (as RewriteRule doesn't):
Something along these lines ought to do it:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
# retrieve X.html when index.php?id=X is requested
RewriteCond %{REQUEST_FILENAME} index\.php
RewriteCond %{QUERY_STRING} ^id=([0-9]+)$
RewriteCond %1.html -F
RewriteRule .* %1.html? [L]
# standard WordPress routing
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
This will first check to see if you've got a request for index.php with a querystring like id=X.
Then it'll check to see if a file called X.html actually exists; I'm not 100% happy about having to use the more system hungry subrequest file check -F rather than the standard -f but I can't see a way around it in .htaccess in this case.
If X.html actually exists, it'll fetch that file whilst leaving the URL as index.php?id=X.
However if that file doesn't exist it'll fall back to standard WordPress no file, no directory routing to index.php
I'm not a WordPress expert but that should work; I guess the main WordPress controller uses $_SERVER['REQUEST_URI'] to determine the action.
Note: This won't, however, prevent people from accessing 123.html directly by going to the URL www.site.com/123.html - I kept falling into infinite loops and Apache 500 errors trying to prevent that :|
I have a sitw built using codeigniter using htaccess. But on some requests are really strange. The include one specific file(trough codeigniter) at the begginning. This happens really often, if cache is tured off. It happens with different files and doens't matter if the file is on filesystem or request goes trough codeigniter. I guess there something up with htacccess, but i'm not sure.I'll include htaccess and screenshot from fiddler on the bottom:
<IfModule mod_rewrite.c>
RewriteEngine on
#Options -Indexes
#Force non-www
RewriteCond %{HTTP_HOST} ^www\.(.*)
RewriteRule ^(.*)$ http://%1/$1 [R=301,L]
#If image, javascript or css file does not exists, then try application folder
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(images|js|css)/(.*)$ ./application/$1/$2 [L]
#If javascript or css file exists, send it to minifier
RewriteCond %{REQUEST_FILENAME} -f
RewriteRule ^(.*)(\.(js|css))$ ./standalone/min/?f=$1$2 [L]
#If isn't file or folder then send it to codeigniter
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ ./index.php?/$1 [L]
</IfModule>
<IfModule !mod_rewrite.c>
ErrorDocument 404 ./index.php
</IfModule>
And as you can see original request is to top-bar-large.png and echoing $_SERVER out from coudeigniter, shows "upper request" is to parim.js. And parim.js should javascript file after all. Any ideas?
PHP_SELF is index.php... so it seems like you are be getting a CI error page on which the js files are included.
By default, codeigniter comes with an .htaccess file in the application directory with Deny all; so anything in those folders will not be publicly accessible (including your images folder in there) unless you've modified it.
Also, make make sure the images exist.
First of all, thanks for RESTLER Framework, it is wonderful!
I've set up Restler API on "http://api.odience.net/" .
Restler responds with correct response body but returns a 404 status code if I don't include index.php in the url. I've set up the .htaccess file as said in the examples but I can't figure out why it doesn't reply with the correct status code.
Example:
*- Accessing /sandbox/about/products/en.json (and passing some GET variables + calling the about method of sandbox.php) returns a 404 header even if the body data returned is correct!
*- If we add the "index.php" file to the url, headers are fine!
Try:
Access /index.php/sandbox/about/products/en.json (with same GET vars)
Here is my detailed .HTACCESS file for the Restler root directory:
## Can be commented out if causes errors.
Options +FollowSymLinks
<IfModule mod_rewrite.c>
RewriteEngine On
## Begin - Rewrite rules to block out some common exploits.
# If you experience problems on your site block out the operations listed below
# This attempts to block the most common type of exploit `attempts` to Joomla!
#
# Block out any script trying to base64_encode data within the URL.
RewriteCond %{QUERY_STRING} base64_encode[^(]*\([^)]*\) [OR]
# Block out any script that includes a <script> tag in URL.
RewriteCond %{QUERY_STRING} (<|%3C)([^s]*s)+cript.*(>|%3E) [NC,OR]
# Block out any script trying to set a PHP GLOBALS variable via URL.
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
# Block out any script trying to modify a _REQUEST variable via URL.
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
# Return 403 Forbidden header and show the content of the root homepage
RewriteRule .* index.php [F]
#
## End - Rewrite rules to block out some common exploits.
##
# Uncomment following line if your webserver's URL
# is not directly related to physical file paths.
# Update Your API Directory (just / for root).
##
RewriteBase /
#
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
#
# If the requested path and file is not /index.php and the request
# has not already been internally rewritten to the index.php script
RewriteCond %{REQUEST_URI} !^/index\.php
# and the request is for something within the reg server folder,
# or for the site root, or for an extensionless URL, or the
# requested URL ends with one of the listed extensions
RewriteCond %{REQUEST_URI} /server/|(/[^.]*|\.(php|html?|json|xml|feed|pdf|vcf|raw))$ [NC]
# and the requested path and file doesn't directly match a physical file
RewriteCond %{REQUEST_FILENAME} !-f
# and the requested path and file doesn't directly match a physical folder
RewriteCond %{REQUEST_FILENAME} !-d
# internally rewrite the request to the index.php script
RewriteRule ^.*$ index.php [QSA,L]
#
</IfModule>
To secure Restler framework, the Restler library files are not available to the web and the API_ROOT/index.php file includes them automatically with a "require_once" command.
Please advise how to make this setup work as expected?
Change %{REQUEST_FILENAME} in .htaccess file to %{DOCUMENT_ROOT}%{REQUEST_FILENAME} (it worked for me) Below is my .htaccess file content. HTH
RewriteEngine On
RewriteBase /
RewriteRule ^$ index.php [QSA,L]
RewriteCond %{DOCUMENT_ROOT}%{REQUEST_FILENAME} !-f
RewriteCond %{DOCUMENT_ROOT}%{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php [L,QSA]
I use the following .htaccess code to enable friendly URLs in a website.
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php?$1 [L]
</IfModule>
The code works fine with a small exception. When I request a file in the browser (i.e. an image), the browser loads it (as I would expect), but along with that index.php gets executed.
I wonder why.
It turned out the browser was making GET /favicon.ico requests and since there was no file with that name on the server, based on the rules in the .htaccess file, the requests were redirecting to /index.php.