I'm having some troubles getting my htaccess rules to work in the intended way. My goal is to redirect any user from example.com to their intended destination that they accessed. However, if the user's referrer is not example.com, I would like it to redirect to a page on my site.
Correct referrer? > URL accessed
Incorrect/unset referrer? > Login page.
My current .htaccess file looks like this:
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^https?://([^.]+\.)*example\.com [NC]
RewriteRule ^(.*)$ http://example.net/login.php [R=301]
RewriteCond %{HTTP_REFERER} ^https?://([^.]+\.)*example\.com [NC]
RewriteRule ^(.*)$ http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
However this results in a redirect loop.
Am I doing something wrong here? Any help would be greatly appreciated.
Thanks
Related
I have a registration page from my website portal but I want to allow it to be loaded only if the previous domain was the PayPal domain (for example). That way I would garantee that even if a bot scanned my WordPress instance (which is not difficult), it could not register.
I know that mod_rewrite can prevent hotlinking, and allow specific domains to load that content.
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?mydomain.com [NC]
RewriteRule \.(jpe?g|gif|bmp|png)$ https://example/404.jpg [NC,L]
But is it possible using a normal URL? That is, not a file, but a page?
You could use (assuming your registration link is, e.g. /wp-login.php?action=register)
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?paypal.com [NC]
RewriteCond %{QUERY_STRING} ^action=register$
RewriteRule ^wp-login.php index.php [NC,L]
..to redirect to index.php if someone tried to register without coming from paypal (headers can be spoofed, of course)
Yes, you can use the HTTP_REFERER for any URL. Add this to your .htaccess:
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?paypal.com [NC]
RewriteCond %{REQUEST_URI} ^/your-registration-url$ [NC]
RewriteRule ^your-registration-url$ https://website.com/404 [R=301,L]
That would redirect anyone visiting your registration URL not having paypal.com as the referrer to a website.com/404 or whatever page you choose to redirect them to.
hoping you could give me some help. I'm trying to re-direct:
http://jaffajava.com/oldsite
To
http://jaffajava.com/oldsite/store
What I've tried so far:
RewriteEngine on
RewriteCond %{HTTP_HOST} ^jaffajava\.com/oldsite\$
RewriteRule (.*) http://www.jaffajava.com/oldsite/store\$1 [R=301,L]
Any help on correcting my syntax/code?
Thanks!
HTTP_HOST variable only matches domain name in the request. You can use:
RewriteEngine on
RewriteCond %{HTTP_HOST} ^jaffajava\.com$ [NC]
RewriteRule ^oldsite(/.*)?$ http://www.jaffajava.com/oldsite/store$1 [R=301,L,NC]
Why redirection? Just set new home page, in Configuration -> System -> Site information
One of my site is redirected to another site like this :
http://cccc-xyz.ch is redirected to http://abc.ch
Now want if the redirection is coming from http://cccc-xyz.ch, it should redirect to http://abc.ch/cccc-xyz-page by writing htaccess in http://abc.ch.
I believe this should work
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://cccc-xyz.ch [NC]
RewriteRule ^ http://abc.ch/cccc-xyz-page/ [L,R]
I'm trying to do a redirect if a user goes to (the book_id and course_id numbers aren't constant):
www.mydomainname.com/admin_stuff/add_student.php?book_id=20&course_id=30
to a secure link using:
RewriteEngine on
RewriteCond %{QUERY_STRING} ^book_id=([0-9]*)&course_id=([0-9]*)$
RewriteRule add_student.php https://mydomainname.com/admin_stuff/add_student.php?%1 [R=301,L]
where the redirect is placed in an .htaccess file inside of the admin_stuff folder.
While a redirect occurs, it goes to:
https://mydomainname.com/admin_stuff/add_student.php?1
instead of
https://mydomainname.com/admin_stuff/add_student.php?book_id=20&course_id=30
Any help pointing me in the right direction would be appreciated.
Eric
Change your .htaccess code to
RewriteEngine on
RewriteCond %{QUERY_STRING} ^book_id=([0-9]*)&course_id=([0-9]*)$ [NC]
RewriteRule add_student.php https://%{HTTP_HOST}%{REQUEST_URI} [R=301,NC,L]
This makes sure that nothing else about the URL gets changed except its protocol.
We only want users from a specific website to use our services. Is there a way to redirect all traffic that does not come from a specific referrer, to a website of our choosing, via htaccess?
Also, this is for the first page only. So if they get to our site, they're going to browse a new page, and their referrer for the new page would apparently be the site they are already on.
Thank you!
Try adding this in the htaccess file in your document root:
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://the-ok-domain.com [NC]
RewriteRule ^/?first-page.html$ http://the-website-of-your-choosing.com/ [L,R]
You could also make it so you add your own domain to the referer check:
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://the-ok-domain.com [NC]
RewriteCond %{HTTP_REFERER} !^http://your-domain.com [NC]
RewriteRule ^ http://the-website-of-your-choosing.com/ [L,R]
Then you can include all of your pages in the check.
Note that referers can be easily forged and any htaccess file using mod_rewrite in any of your subdirectories will supercede these rules (unless those htaccess files have the RewriteOptions inheret option set)
Didn't work for me, I've made this small change to redirect traffic from google:
RewriteEngine On
RewriteCond %{HTTP_REFERER} ^(.*)\.google\.(.*) [NC]
RewriteRule ^(.*)$ https://www.my-site.it/$1 [L,R]