I have a directory structure like
/logging.php
/customer1/
/customer2/
/customer3/
...
Now I need to log all access of the subdirs customer1, customer2, customer3 and so on.
Can I somehow (like a htaccess rule) lead all access trough a php file logging.php which saves the access into a mysql database and than forwards to the wanted directory?
I don't want to include the logging.php in every single file of the subdirs, as the subdirs are dynamically generated.
A simple .htaccess rule should suffice.
RewriteRule ^(customer\d+(/.*)?)$ /logging.php?path=$1 [L]
Within logging.php, just look at $_GET['path']
This is assuming that the directory and files in question are in the web root of your site (Usually something like public_html/ or wwwroot/)
Related
I would like to know if it's possible to point my domain to a directory which is two folders in from the root.
The point is, I inform the page that will be showed in the content area trought the URL variable, like this:
www.dominio.com.br/index.php?c=products/list (in this way, it works well)
I would like to access this path by using: www.dominio.com.br/products/list
This is my structure...
public_html
.htaccess
index.php
**products**
**list.php** <-- My desired folder.
customers
list.php <-- My desired folder.
new.php
I need a .htaccess code for read this URL with sub-directory folder in the variable. For now, I could make work when using the file in the same folder as index.php.
I hope this all makes sense.
Thanks.
If
www.dominio.com.br/index.php?c=products/list
Works well for you, you could use a rewrite rule to map a 'virtual' folder path to your existing page:
RewriteEngine On
RewriteRule ^products/list$ index.php?c=products/list
I'm trying to build good security habits, so I'd like to move my sensitive PHP files outside the public_html directory. My setup is LAMP (Apache 2.4, PHP 5.5) with the following directory structure:
/home/username/public_html
/home/username/src
The sensitive files are in /src. My previous setup had that folder at /home/username/public_html/src and I had some .htaccess rules directing users there, such as
RewriteRule ^myaccount$ src/account.php
Now that the script is out of public_html, I'm not sure how to redirect it from htaccess (all paths in htaccess are relative to /home/username/public_html)
I read about the Alias directive from Apache docs which would allow me to set a directive such as Alias /src /home/username/src but that doesn't work in .htaccess and I would rather not change the httpd[-vhosts].conf unless that's the best way to solve my problem.
SOLUTION
credit: #Idealcastle (below) inspired a solution which allows me to keep my sensitive files out of public_html while still allowing htaccess to link to them.
I changed .htaccess directive from ^myaccount$ /src/account.php to ^myaccount$ redirect.php?file=account.php. I then created a gateway script which includes the script file I am trying to protect. redirect.php is in the public_html folder and has the contents below:
<?php
if (empty($_GET['file'])):
//the file argument is missing
http_response_code(400); //bad request
exit;
else:
$file = rawurlencode($_GET['file']);
$path = "/home/username/src/$file";
//Check the file against a whitelist of approved files. if it's not
//on the list, exit with http_response_code(403): Access Forbidden
//seek the file from its private location
require $path;
endif;
This code will insert the right file based on the value of the file argument set in .htaccess
You wouldn't want to redirect or make public access the /src directory as it defeats the purpose of what you are doing.
If I understand you correctly, how about linking specific files in /public_html to the ones in /src for script execution.
Such as /home/username/public_html/account.php
inside this file you would have
<?php include('/home/username/src/account.php'); ?>
Now the public can access files you allow it to. and the /src is protected from direct script execution.
And then for your htaccess, do the same thing,
RewriteRule ^myaccount$ /home/username/public_html/account.php
but instead make it go to the public html.
How can I restrict the user into the root directory and not able to get access to the parent directory of the root.
I have EasyPHP installed and following I am considering as root:
http://127.0.0.1/projects/Web%20Developement/aureus/files/
I don't want user to able to move to the parent directory but when I add "dot dot slash" ../ at the end of above URL I can access "aureus" directory. How can I stop this by .htaccess or any other way?
You can't do correctly with .htaccess. You'll need to edit the configuration for the domain in the main config file. When you go into your httpd.conf file or your included file for the virtual hosts you need to look for the DocumentRoot you're setting for the server. The web server only has access to what you grant it.
If you can access a folder you're trying to lock down via the web or a browser on another machine, you'll need to look at a variety of permissions settings depending on the OS you're running. You can restrict access to folders and prevent the users in Linux for example from seeing the files with chmod. In Windows (if that's what you're running) you would right-click on the folder, select properties, and change the permissions under the security tab.
Not sure what the point of all this is, but if you simply don't want any ../ in your URLs, then you can try adding this to your htaccess file:
RewriteEngine On
RewriteRule ^(.*)\.\./(.*)$ /$1$2 [L,R=301]
I think rather than specifically try to stop the use of ../ in the url, you should have htaccess in folders you do not want people/bots/other to be in.
This
Options -Indexes
in a .htaccess file will stop directory listing in whatever folder the htaccess file is in. It'll serve a 403, but you can use htaccess to serve 404 or redirect based on what you need (other than "stop user to able to move to the parent directory" I'm not 100% sure what you want)
Cheers
I'm trying to find a way to dynamically change the root folder of a site. I currently set the root folder with the following:
RewriteCond %{DOCUMENT_ROOT}/foo/bar%{REQUEST_URI} -f
RewriteRule ^(.*)$ %{DOCUMENT_ROOT}/foo/bar%{REQUEST_URI} [QSA,L]
So if a user visits http://example.com it's pulling from /foo/bar. However I would like to be able to change /foo/bar to any other random directory of my choosing with PHP.
This is done is because the root folder of the site can be changed quite regularly for various reasons.
I could just write a PHP script that will replace /foo/bar in the .htaccess file but that's not a wise decision to give PHP write access to .htaccess. Ideally I would like to have a simple .txt file that can be included to pull in /foo/bar and then PHP can write that .txt file.
Is this possible, or is there any other way to get this done? Essentially the thing that matters is that PHP can safely change the root folder without a Apache restart.
You might want to look into RewriteMap, but actually, I'd make a symlink, and point it to the proper place.
I have a php websites hosted on a server. I use CPanel to manage it. public_html has lets say following directory structure
public_html
- dir1
- dir2
- dir3
- ....other files.....
- website2home
Now I am trying to make website2home as the base directory of my website, but files inside website2home use some files from public_html folder and some files from within itself.
THE PROBLEM
When I assign a domain name to website2home, It does not reads the files from public_html folder (in fact, public_html folder is not visible) and shows some php warnings and some 404 not found errors. But lets say the domain name for original website is www.aaa.com, then if I access website2home by using www.aaa.com/website2home all works fine.
So My Question...
Is there any way to set the base directory, so that my website2home fetches all files and correct files without replacing hundreds of filepaths in php code?
Please answer considering that I don't want to modify source files of website.
I believe you are looking for some kind of .htaccess configuration. For instance, you may set your website2home folder as base folder for your www.aaa.com domain and then redirect some file access to other folders using .htaccess, something like this..
RewriteEngine on
RewriteRule captcha.jpg ../captcha.jpg
RewriteRule \.pdf$ ../pdf_files/$1
Have a look to mod_rewrite documentation
Edit: If, for some reason, the ../ redirection doesn't work, you always can redirect all your files to a pseudo-index PHP page. For instance:
RewriteEngine on
RewriteRule captcha.jpg my_index.php?access=../captcha.jpg
RewriteRule \.pdf$ my_index.php?access=../pdf_files/$1
And then, in your index PHP page you can simply load your PHP files in other folder:
require "../pdf_files/$requested";