How to deny access to a file - php

I want to deny access to the file via browser
like if someone try to access www.site1.com/log.txt
it should redirect him to www.site1.com/site.html
<Files log.txt>
Order allow,deny
Deny from all
Redirect http://site1.com/site.html
</Files>

You can do this using a simple redirection rule:
RewriteEngine on
RewriteRule ^/?log\.txt$ /site.html [R=301]
However this is questionable, it is an attempt to cure a sympton instead of fixing the cause. Ask yourself this question: why is that file located in exactly that part of the server side file system that you explicitly publish? Such internal files belong outside the area published by the http server.
Another approach, if you really cannot separate published and not published files, is to internally rewrite all requests to some routing script which allows for a lot of flexibility.
If you want to proceed with above approach then consider these additional hints:
It is a good idea to start out with a 302 temporary redirection and only change that to a 301 permanent redirection later, once you are certain everything is correctly set up. That prevents caching issues while trying things out...
This rule will work likewise in the http servers host configuration or inside a dynamic configuration file (".htaccess" file). Obviously the rewriting module needs to be loaded inside the http server and enabled in the http host. In case you use a dynamic configuration file you need to take care that it's interpretation is enabled at all in the host configuration and that it is located in the host's DOCUMENT_ROOT folder.
And a general remark: you should always prefer to place such rules in the http servers host configuration instead of using dynamic configuration files (".htaccess"). Those dynamic configuration files add complexity, are often a cause of unexpected behavior, hard to debug and they really slow down the http server. They are only provided as a last option for situations where you do not have access to the real http servers host configuration (read: really cheap service providers) or for applications insisting on writing their own rules (which is an obvious security nightmare).

Related

Serve website from different directory based on URL string parameter

I would like to learn if I can serve the website from 2 different versions according to URL string parameters.
Example:
I have two installs on my server: domain.com/website-1/ & domain.com/website-2/
if end-user visits domain.com/main/?showads=yes —> serve website as domain.com/website-1/
İf end-user visits domain domain.com/main/ —> serve website as domain.com/website-2/
Note: this is not a redirection question, I just want to serve with the same URL.
p.s. I’m running a WordPress website on an Apache server.
I’m open to any solution via PHP, WordPress, or Apache (.htaccess) config.
Thanks a lot
You need to use a condition to evaluate the query string:
RewriteEngine on
RewriteCond %{QUERY_STRING} (?:^|&)showads=yes(?:&|$)
RewriteRule ^/?(.*)$ /website-1/$1 [END]
RewriteRule ^/?(.*)$ /website-2/$1 [END]
In case you receive an internal server error (http status 500) using the rule above then chances are that you operate a very old version of the apache http server. You will see a definite hint to an unsupported [END] flag in your http servers error log file in that case. You can either try to upgrade or use the older [L] flag, it probably will work the same in this situation, though that depends a bit on your setup.
This implementation will work likewise in the http servers host configuration or inside a distributed configuration file (".htaccess" file). Obviously the rewriting module needs to be loaded inside the http server and enabled in the http host. In case you use a distributed configuration file you need to take care that it's interpretation is enabled at all in the host configuration and that it is located in the host's DOCUMENT_ROOT folder.
And a general remark: you should always prefer to place such rules in the http servers host configuration instead of using distributed configuration files (".htaccess"). Those distributed configuration files add complexity, are often a cause of unexpected behavior, hard to debug and they really slow down the http server. They are only provided as a last option for situations where you do not have access to the real http servers host configuration (read: really cheap service providers) or for applications insisting on writing their own rules (which is an obvious security nightmare).

301 redirect, change parameter in url, same domain and file

I have duplicate problem so I need to do some redirects,
I understand as there are parameters I need to use Query_String, however as I don't want to change page, only the parameters, I have no idea
I need to change a url like this:
/svenska/utflykter/tur-from.php?trop=trop&ciudad=Marbella&tour=Sevilla
to
/svenska/utflykter/tur-from.php?ciudad=Marbella&tour=Sevilla
As you can see I only want to take away trop=trop however not on all pages, only on the page in question.
Any idea, I have searched, thanks
This probably is what you are looking for:
RewriteEngine on
RewriteCond %{QUERY_STRING} (?:^|&)ciudad=([^&]+).*&tour=([^&]+)(?:&|$)
RewriteRule ^/?svenska/utflykter/tur-from\.php$ /svenska/utflykter/tur-from.php?ciudad=%1&tour=%2 [R=301,QSD]
It is a good idea to start out with a 302 temporary redirection and only change that to a 301 permanent redirection later, once you are certain everything is correctly set up. That prevents caching issues while trying things out...
This implementation will work likewise in the http servers host configuration or inside a distributed configuration file (".htaccess" file). Obviously the rewriting module needs to be loaded inside the http server and enabled in the http host. In case you use a distributed configuration file you need to take care that it's interpretation is enabled at all in the host configuration and that it is located in the host's DOCUMENT_ROOT folder.
And a general remark: you should always prefer to place such rules in the http servers host configuration instead of using distributed configuration files (".htaccess"). Those distributed configuration files add complexity, are often a cause of unexpected behavior, hard to debug and they really slow down the http server. They are only provided as a last option for situations where you do not have access to the real http servers host configuration (read: really cheap service providers) or for applications insisting on writing their own rules (which is an obvious security nightmare).

create subdomain using htaccess dynamically based on usernames

I have a problem,
I need to know how to create a subdomain dynamically.
http://example.com/user.php?id=ajithjojo
I want it to work like
http://ajithjojo.example.com/
how it's possible. I checked all of StackOverflow discussions but I didn't get a right answer what i need
This has nothing to do with the htaccess.
You could setup your webserver so that *.example.com would point to a specific public root. In that public root resides a php script that checks the database to see if the host / username should exist.
So your first URL creates a record in the database that says that ajithjojo exists.
Then when visiting the second URL, the script sees that the domain exists and then does dynamic stuff.
If it does not exist the script throws a 404 header, or redirects somewhere.
You either need to implement some logic to add virtual hosts to the apache http server (complex and questionable) or you use a default host (one that responds to all incoming requests that are not handled by existing vhosts) and implement internal rewriting rules in that one. This allows you to simply hand out references to such "subdomains" (actually host names).
Those rewriting rules could look like that:
RewriteEngine on
RewriteCond %{HTTP_HOST} ^([^.]+)\.example\.com$
RewriteRUle ^ %{REQUEST_URI}?user=%1 [END]
Obviously you will need to adjust that to your actual setup, but it should point you into the right direction. For example you could use an implementation that evaluates the requested host instead of relying on a specific http get argument as shown above. But those are implementation details that you have to decide yourself.
In case you receive an internal server error (http status 500) using the rule above then chances are that you operate a very old version of the apache http server. You will see a definite hint to an unsupported [END] flag in your http servers error log file in that case. You can either try to upgrade or use the older [L] flag, it probably will work the same in this situation, though that depends a bit on your setup.
This implementation will work likewise in the http servers host configuration or inside a dynamic configuration file (".htaccess" file). Obviously the rewriting module needs to be loaded inside the http server and enabled in the http host. In case you use a dynamic configuration file you need to take care that it's interpretation is enabled at all in the host configuration and that it is located in the host's DOCUMENT_ROOT folder.
And a general remark: you should always prefer to place such rules in the http servers host configuration instead of using dynamic configuration files (".htaccess"). Those dynamic configuration files add complexity, are often a cause of unexpected behavior, hard to debug and they really slow down the http server. They are only provided as a last option for situations where you do not have access to the real http servers host configuration (read: really cheap service providers) or for applications insisting on writing their own rules (which is an obvious security nightmare).
Follow this tutorial to set subdomains based on usernames

Remove .php extension from just one file to use with Laravel Router

I am implementing Laravel Routing component in my own site (https://github.com/mattstauffer/Torch/tree/master/components/routing).
However, most of the site still works on classic url such as /index.php etc. I created new.php file with router and it works, i.e. if I declare get routes for /new.php/test - desired response is displayed.
However, I want to use it like this:
/new/test.
How would proper rule look like in .htaccess?
I'd say this is what you are looking for:
RewriteEngine on
RewriteRule ^/?new/(.*)/?$ /new.php/$1 [END]
In case you receive an internal server error (http status 500) using the rule above then chances are that you operate a very old version of the apache http server. You will see a definite hint to an unsupported [END] flag in your http servers error log file in that case. You can either try to upgrade or use the older [L] flag, it probably will work the same in this situation, though that depends a bit on your setup.
This rule will work likewise in the http servers host configuration or inside a dynamic configuration file (".htaccess" file). Obviously the rewriting module needs to be loaded inside the http server and enabled in the http host. In case you use a dynamic configuration file you need to take care that it's interpretation is enabled at all in the host configuration and that it is located in the host's DOCUMENT_ROOT folder.
(".htaccess"). Those dynamic configuration files add complexity, are often a cause of unexpected behavior, hard to debug and they really slow down the http server. They are only provided as a last option for situations where you do not have access to the real http servers host configuration (read: really cheap service providers) or for applications insisting on writing their own rules (which is an obvious security nightmare).

Remote URL image showing on our website

I am using Youtube video IMG.
Example link: https://i.ytimg.com/vi/aSVpBqOsC7o/hqdefault.jpg
I would like: http://cdn.mywebsite.com/vi/aSVpBqOsC7o/hqdefault.jpg
How can I do it with PHP and .htaccess?
The apache http server comes with great modules, among those is the proxy module. It offers exactly what you are looking for without the need of some scripting language or similar:
The simple and direct approach is to proxy the whole URL https://i.ytimg.com/vi/ inside your own domain space:
ProxyRequests off
ProxyPass /vi/ https://i.ytimg.com/vi/
For the documentation see: https://httpd.apache.org/docs/2.4/mod/mod_proxy.html#proxypass
Another apporach that offers more flexibility is to use the proxy module from within the rewrite module:
RewriteEngine on
RewriteRule ^/?vi/([^/]+)/(.+)$ https://i.ytimg.com/vi/$1/$2 [L,P]
For the documentation see: http://httpd.apache.org/docs/current/mod/mod_rewrite.html#rewriterule
The same effect as the first approach can also be reached by a notation which is limited to the host configuration:
ProxyRequests off
<Location /vi/>
ProxyPass https://i.ytimg.com/vi/
</Location>
Both upper approaches can be used inside the http host configuration or, if really necessary, inside dynamic configuration files (.htaccess style files). In general you should always prefer to place such rules in the host configuration. .htaccess style files add complexity, are notoriously error prone, hard to debug and they really slow down the http server. They are only provided as a last option for situations where you do not have control over the host configuration (read: really cheap hosting service providers) or if you have an application that relies on writing its own rewrite rules (which is an obvious security nightmare).

Categories