I wrote the follow .htaccess file:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
<Files ~ "^.*\.([Hh][Tt][Aa])">
order allow,deny
deny from all
satisfy all
</Files>
<Files "indexbig.php">
Order Allow,Deny
Deny from all
Allow from 127.0.0.1
</Files>
I want to deny access to the file "indexbig.php" but only allow acces from the local server. Somehow this allows access to every host. Could anyone help me out?
Related
I have installed my PHP script in a directory of my website psc.af/photo after migration to another domain and in its main directory (public_html in cPanel) everything works fine but the images are not showing up. When i inspect the image link it shows mynewdomain.com/photo/images which is not and it got the photo directory from my previous installation in sub directory. So i cant see the images.
I have tried to change my app url and its fine, the only issue is missing images.
APP_NAME=Laravel
APP_ENV=local
APP_KEY=base64:cDd2jFWmOeQajBVf+UbCcCW9v0OxeZC/w+mp8qwgw0g=
APP_DEBUG=true
APP_URL=http://psc.af/
This is my .htaccess
<IfModule mod_rewrite.c>
<IfModule mod_negotiation.c>
Options -MultiViews
</IfModule>
RewriteEngine On
Options -Indexes
<Files .htaccess>
order allow,deny
deny from all
</Files>
<Files composer.json>
order allow,deny
deny from all
</Files>
<Files composer.lock>
order allow,deny
deny from all
</Files>
<Files .env>
order allow,deny
deny from all
</Files>
# Handle Authorization Header
RewriteCond %{HTTP:Authorization} .
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
# Redirect Trailing Slashes If Not A Folder...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} (.+)/$
RewriteRule ^ %1 [L,R=301]
# Handle Front Controller...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]
# Remove index.php
RewriteCond %{THE_REQUEST} ^GET.*index\.php [NC]
RewriteRule (.*?)index\.php/*(.*) /$1$2 [R=301,NE,L]
</IfModule>
My website has the structure www.mywebsite.com/app/views/pages/dashboard.php however I wanted it to be only www.mywebsite.com/dashboard.php I tried to do this with htaccess but I'm not getting results
This is my complete htaccess
<files ~ "^.*\.([Hh][Tt][Aa])">
order allow,deny
deny from all
satisfy all
</files>
Options -Indexes
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME}\.php -f
RewriteRule ^(.*)$ $1.php
RewriteEngine on
RewriteRule ^dashboard\.php$ app/view/pages/dashboard.php
I have WordPress MU installed on the server and using some Mod Deflate and Caching the files and some other minor amendments in the .htaccess file and when I came across some modification for the clients, I noticed that on his server the images are served from my server.
Server Config: Plesk/CentOS - Linux Hosting
After a full research I tried placing all the available codes in the StackOverflow articles and other tutorials and sites but can't find what am doing wrong but it's not working.
.htaccess with the hotlink regex and other rewrite rules
RewriteEngine On
RewriteRule ^index\.php$ - [L]
# uploaded files
RewriteRule ^([_0-9a-zA-Z-]+/)?files/(.+) wp-includes/ms-files.php?file=$2 [L]
# add a trailing slash to /wp-admin
RewriteRule ^([_0-9a-zA-Z-]+/)?wp-admin$ $1wp-admin/ [R=301,L]
RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^ - [L]
RewriteRule ^[_0-9a-zA-Z-]+/(wp-(content|admin|includes).*) $1 [L]
RewriteRule ^[_0-9a-zA-Z-]+/(.*\.php)$ $1 [L]
RewriteRule . index.php [L]
<Files wp-config.php>
order allow,deny
deny from all
</Files>
<Files .htaccess>
order allow,deny
deny from all
</Files>
<Files xmlrpc.php>
Order allow,deny
Deny from all
</Files>
# Wordfence WAF
<Files ".user.ini">
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
Order deny,allow
Deny from all
</IfModule>
</Files>
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?domain.com [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ - [NC,F,L]
If I empty my .htaccess and just keep the following code it works.
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?domain.com [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ - [NC,F,L]
What am I doing wrong?
You need to keep this HTTP_REFERER above all other rules. Problem is that you have rule that is rewriting all URIs to index.php. Due to that rule RewriteRule \.(jpg|jpeg|png|gif)$ fails.
Complete .htaccess:
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?domain.com [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ - [NC,F,L]
RewriteRule ^index\.php$ - [L]
# uploaded files
RewriteRule ^([_0-9a-zA-Z-]+/)?files/(.+) wp-includes/ms-files.php?file=$2 [L]
# add a trailing slash to /wp-admin
RewriteRule ^([_0-9a-zA-Z-]+/)?wp-admin$ $1wp-admin/ [R=301,L]
RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^ - [L]
RewriteRule ^[_0-9a-zA-Z-]+/(wp-(content|admin|includes).*) $1 [L]
RewriteRule ^[_0-9a-zA-Z-]+/(.*\.php)$ $1 [L]
RewriteRule . index.php [L]
<Files wp-config.php>
order allow,deny
deny from all
</Files>
<Files .htaccess>
order allow,deny
deny from all
</Files>
<Files xmlrpc.php>
Order allow,deny
Deny from all
</Files>
# Wordfence WAF
<Files ".user.ini">
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
Order deny,allow
Deny from all
</IfModule>
</Files>
I wanted to add the "www" infront of my domain, which I have done but not sure if it was added properly because I removed some of the code from the original .htaccess file which came with the open source script.
Original .htaccess file:
# secure htaccess file
<Files .htaccess>
order allow,deny
deny from all
</Files>
# disable directory browsing
Options All -Indexes
# disabel access to logs/template files
<Files ~ "\.(log|tpl)$">
order allow,deny
deny from all
</files>
RewriteEngine On
RewriteCond %{REQUEST_URI} ^/uploaded [NC]
RewriteCond %{REQUEST_URI} !\.(jpe?g|png|gif)$ [NC]
RewriteRule .* - [F,L]
Current .htaccess file:
# secures htaccess file
<Files .htaccess>
order allow,deny
deny from all
</Files>
# disable directory browsing
Options All -Indexes
# disable access to logs/template files
<Files ~ "\.(log|tpl)$">
order allow,deny
deny from all
</files>
# Force www:
RewriteEngine on
RewriteCond %{HTTP_HOST} ^websitename.com$ [NC]
RewriteRule ^(.*)$ http://www.websitename.com/$1 [L,R=301,NC]
RewriteEngine On
RewriteCond %{REQUEST_URI} ^/uploaded [NC]
RewriteCond %{REQUEST_URI} !\.(jpe?g|png|gif)$ [NC]
RewriteRule .* - [F,L]
My .htaccess file for a Kohana 3.3 project is:
# Turn on URL rewriting
RewriteEngine On
# Installation directory
RewriteBase /
# Protect hidden files from being viewed
<Files .*>
Order Deny,Allow
Deny From All
</Files>
# Protect application and system files from being viewed
RewriteRule ^(?:application|modules|system)\b.* index.php/$0 [L]
# Allow any files or directories that exist to be displayed directly
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
# Rewrite all other URLs to index.php/URL
RewriteRule .* index.php/$0 [PT]
Following Eric's advice I have updated the htaccess to the following:
# Turn on URL rewriting
RewriteEngine On
# Installation directory
RewriteBase /
# Protect hidden files from being viewed
<Files ".*">
Require all denied
</Files>
# Protect application and system files from being viewed
RewriteRule ^(?:application|modules|system)\b.* index.php/$0 [L]
# Allow any files or directories that exist to be displayed directly
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
# Rewrite all other URLs to index.php/URL
RewriteRule ^(.*)$ index.php/$0 [PT]
I updated the Virtual Host to include:
<Directory /srv/www/example.com/public_html/>
Require all granted
</Directory>
Did I miss something else?
Modified htaccess
# Protect hidden files from being viewed
<Files .*>
Require all granted
</Files>
and added AllowOverride All to virtualhost config.
<Directory /var/www/example.com/public_html/>
Require all granted
AllowOverride All
</Directory>