When someone hits my site root folder (www.myDomain.com) and the Index.php page gets it after that, how can I forward HTTP_REFERER to the Index.php page so I can record it?
I have this but No Joy.
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^mydomain.com [NC]
RewriteRule ^/?index.php?%{HTTP_REFERER}$ mydomain.com/ [L,R]
Thanks
Make sure apache mod_rewrite is enabled. Then redirect with:
<IfModule mod_rewrite.c>
# Make sure url's can be rewritten.
RewriteEngine on
# Redirect requests that are not files or directories to index.php.
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^ index.php [L]
</IfModule>
This is how most CMS's do it. this does mean if they write the direct path to a file they will see that file. So you will want to precede this with something like:
# Prevent direct access to these file types.
<FilesMatch "\.(sql|md|sh|scss|rb|conf|rc|tpl(\.php)?|lib(\.php)?|wig(\.php)?|pg(\.php)?|reg(\.php)?|db(\.php)?)$">
Require all denied
</FilesMatch>
This means that they can not access the file extensions listed above. You can replace the last few with just rc|php but I allow access to .php files not proceeded with .lib so I can do scripts protected by browser authentication for debugging and silver bullet database repairs.
You must also have something like this in your apache config that allows the .htaccess to be read in your sites directory.
<Directory "C:/Sites">
AllowOverride All
</Directory>
Related
Bit of an odd one and I feel it must be answered but I can't seem to find it.
I have the following in my .htaccess file on a custom PHP site (NOT WORDPRESS):
Options +FollowSymlinks
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{QUERY_STRING} ^$
RewriteRule ^(contact|gallery|links)$ $1.php [L]
I cannot work out why "gallery" only is giving me a 403.
example.com/links
example.com/contact
Both work as expected and go to the desired pages. However
example.com/gallery
Redirects to
example.com/gallery/
And throws the 403 Forbidden error
gallery.php is a page and can be accessed from the same URL
There's nothing on gallery.php to redirect or check a query string or compare the URI. I cannot understand it.
Really flying blind on .htaccess stuff (always have), so any help greatly appreciated. What am I doing wrong?!
Also, tested it on https://htaccess.madewithlove.com/ and it said my work was correct, so really don't understand what it's finding incorrect. Why does it think gallery is a subfolder, not a URL?
And I have JUST realised, I do actually have a gallery folder, so if anyone can tell me how to use the htaccess to access the page and not the folder, I'd greatly appreciate it! If it helps, there's a .htaccess in the gallery folder to prevent direct access to images:
Options -Indexes
Options -ExecCGI
# AddHandler cgi-script .php .php3 .php4 .phtml .pl .py .jsp .asp .htm .shtml .sh .cgi
<Files ^(*.jpeg|*.jpg)>
order deny,allow
deny from all
</Files>
<FilesMatch "\.(jpe?g)$">
order allow,deny
allow from all
</FilesMatch>
Would they be conflicting?
Since gallery is a physical directory, you will need to set DirectorySlash Off in order to prevent mod_dir appending the trailing slash via a 301 external redirect. (This redirect gets cached persistently by the browser, so you will need to clear your browser cache before continuing.)
Note, however, that when disabling the DirectorySlash, you must also ensure that Options -Indexes is also set to prevent mod_autoindex from generating directory listings when the trailing slash is omitted from a directory, since a DirectoryIndex document in that directory will no longer prevent the directory listing being generated. See the security warning under the DirectorySlash directive in the Apache Docs.
You may also need to set RewriteOptions AllowNoSlash to allow mod_rewrite to match directories that have no trailing slash.
You then need to modify your existing rule...
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{QUERY_STRING} ^$
RewriteRule ^(contact|gallery|links)$ $1.php [L]
Remove the first two RewriteCond directives. They aren't required since you are wanting to rewrite 3 specific URLs. If any of the conditions fail then the rewrite does not occur.
If contact, gallery or links happen to exist as physical files (very unlikely) or directories (gallery is a directory it seems) then the rewrite does not occur.
Summary
DirectorySlash Off
Options +FollowSymlinks -Indexes
RewriteEngine On
RewriteOptions AllowNoSlash
RewriteCond %{QUERY_STRING} ^$
RewriteRule ^(contact|gallery|links)$ $1.php [L]
I'm trying to adapt the .htaccess file in the root of my CodeIgniter installation so I don't have to include index.php in all the URLs leading to my controllers.
This is the content of my .htaccess file:
<IfModule authz_core_module>
Require all granted
</IfModule>
<IfModule !authz_core_module>
Deny from all
</IfModule>
DirectoryIndex login.php
RewriteEngine On
RewriteCond $1 !^(index\.php)
RewriteCond $(REQUEST_FILENAME) !-f
RewriteCond $(REQUEST_FILENAME) !-d
RewriteRule ^(.*)$ ./index.php/$1
As you can see, it's the default .htaccess file with some rewrite rules for mod_rewrite and a DirectoryIndex directive appended to it. Mod_rewrite is enabled (I've checked this using apachectl -M).
Now, I'm running Apache 2.4.18 on Ubuntu 16.04 LTS and I am using CodeIgniter 3.1.6. The problem is that when I type in no URL I get redirected to CodeIgniters index.php instead of my wanted login.php. I'd rather get the DirectoryIndex directive working instead of transferring the contents of login.php into index.php for obvious reasons. My mod_rewrite rules are meant to route URLs to existing files "through" index.php without having to include index.php in their URL. This way, my URLs are cleaner but I can still use CodeIgniter's facilities.
My master Apache configuration obviously allows me to use .htaccess files (since CodeIgniter needs this too) and the URL rewrite directives work just fine. Why does the DirectoryIndex not seem to do anything no matter where I place it inside the file?
Check out if you have AllowOverride instruction set to All -- it controls if .htaccess file has any power.
There are the answers on how to set it: How to Set AllowOverride all
I fixed the problem but not in an elegant way.
It appears to me that mod_rewrite just doesn't work (correctly) when you use it in a .htaccess file of a subdirectory of your DocumentRoot.
My CodeIgniter installation was in a subdirectory called "CodeIgniter" inside the DocumentRoot. I made two .htaccess files:
DocumentRoot/.htaccess:
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %1 !^index.php
RewriteRule ^(.*)$ /CodeIgniter/index.php [L]
DocumentRoot/CodeIgniter/.htaccess:
<IfModule authz_core_module>
Require all granted
</IfModule>
<IfModule !authz_core_module>
Deny from all
</IfModule>
Options FollowSymLinks
DirectoryIndex login.php
This seems to be doing the trick for me
Moral of the story: do all of your URL rewriting using mod_rewrite in the .htaccess located directly in your DocumentRoot
How would I configure my .htaccess file if I want all requests to always load a core template selection file. I believe this could be good for a few reasons the first of which being security. Only if my php template selection code flags a file as safe for display will it display. Also, it allows me to build some interesting cms functionality like requiring a php metadata array in order to load the template file. How could I accomplish this?
Also, do you think it is practical to choose this method over others?
You can use this rule in your root .htaccess to make core/template.php your front controller:
RewriteEngine on
RewriteBase /
RewriteRule ^core/template\.php$ - [L,NC]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . core/template.php [L]
EDIT: If you want even real files to be routed to same controller use last rule as:
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule !\.(jpe?g|ico|gif|bmp|png|tiff|css|js)$ core/template.php [L,NC]
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteBase /
RewriteRule ^(.*)$ /index.php
</IfModule>
Make sure that inside the httpd.conf this line isn't commented:
LoadModule rewrite_module modules/mod_rewrite.so
(It should be without the '#' at the beginning)
And this is my directory tag (I'm using wamp but it should be the same, and of course restart the apache server if you changed something there)
<Directory />
Options FollowSymLinks
AllowOverride All
Order deny,allow
Allow from all
</Directory>
Hello I am using the following htaccess
<IfModule mod_rewrite.c>
Options +FollowSymLinks
Options -MultiViews
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ index.php/$1 [L]
</IfModule>
For doing the laravel routing.
When I surf to example localdevurl/public/users I get the following error ( 404 )
Not Found
The requested URL /Users/username/Sites/sitefolder/public/index.php/user was not found on this server.
But as u see it shows the index.php in the error. When I put index.php in my url it does work indeed. I have turned on everything in my apache config.
httpd.conf
Can anyone see what I am doing wrong here?
In your .htaccess file, you are passing the request after the index.php part, instead of allowing laravel routing system to process it, this is:
RewriteRule ^(.*)$ index.php/$1 [L]
should be as the original .htaccess
RewriteRule ^ index.php [L]
I had the same problem with the index.php part, this is how I solved: There is a problem when you have userdir module enabled, which it seems to be the case based on the URL of the error message.
Possible solutions:
Create a symlink in the webserver folder to the public laravel project folder of the user web directory. e.g.: # ln -s ~/public_html/mylaravel4/site/public/ /var/www/mycoolsite
Then you can access http://localhost/mycoolsite
Replace RewriteCond and RewriteRule lines with this: FallbackResource /index.php
Make sure you have AllowOverride set to All instead of None for you particular vhost, and also set Order allow, deny rather than Order deny, allow in httpd.conf.
AllowOverride all
Order allow, deny
I have apache & PHP on my local windows machine and my .htaccess rules work fine. I uploaded all my files to my Linux server and get different results. I have complete control of my Linux VPS. It isn't shared hosting or anything.
I created a file showme.php that all requests should go to. showme.php just outputs some $_SERVER variables just so I know it worked. But every request to the server gives me the 404 not found. The same request locally serves up showme.php like it should.
-Local example: http://localhost/somepage (I get the correct page rendered by showme.php)
-Server example: http://mydomain.com/somepage (I get a 404 message)
Here is my .htaccess file. I can't figure out why I get different results. Something with file permissions?
# AddType x-mapp-php5 .php
# AddHandler x-mapp-php5 .php
RewriteEngine on
Options +FollowSymlinks
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . showme.php [L]
ErrorDocument 404 /page-unavailable/
<files ~ "\.tpl$">
order deny,allow
allow from none
deny from all
</files>
If you use phpinfo() and do a search for mod_rewrite (usually under configuration) you will be able to tell if you have the ability to use RewriteRules. This is usually why you see IfModule wrapped around your rewrites:
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . showme.php [L]
</IfModule>
The answer was that in my httpd.conf I needed AllowOverride All set in one certain place. It was there in certain directories but I guess not as default..