I read all the discussions here on stack overflow but did not help me.
Let me explain what I would like to do:
I have a redirect from www.site1.it at www.site2.it Thanks to my hosting I can do a hidden redirect and keep the url "site1.it" when I reach "site2.it".
The problem is that my hosting inserts an iframe by including all the site disabling the responsive. I would like to know if there is a way to keep the same url after the redirect, make a hidden redirect.
ps. When I go to https://www.site2.it, the url must remain the same as it already is. I'm sorry for the link size but I do not have 10 reputation points.
Thanks for your help.
You need to changes 2 values in the database (site_url & base_url) (wp_options) and eventually create a proper DNS redirection in your hosting.
You can also check your wp-config.php
The "hidden redirect" won't help you, they are usually based on frames or iframes, and will mess with your site.
You can however use a reverse proxy. If mod_proxy is enabled, you can ask mod_rewrite to do it:
RewriteEngine On
RewriteBase /
RewriteRule ^(.*)$ http://example.org/$1 [P,L]
The client will not see that the request is proxied to another host (even if it's on the same server in your case). However, if links, CSS, JS and images are referenced with host (e.g. http://example.org/myimage.jpg instead of /myimage.jpg), you will have to add more magic. In that case it's probably easiest to set WP_HOME / WP_SITEURL on the target-site to the old address for proxied requests (you can probably recognize those by the REMOTE_ADDR).
Related
So I recently purchased a domain. I know how to make websites, so I uploaded a website that I made onto that domain. The only problem is is that it sends me to my index and then I have to click on some folders to actually get to see my website on my screen. I know what .htaccess is and does, but I'm not sure how to use it.
What I want is that when I go to www.mydomain.com it should open up my home.php file from the website that I made. This is my file order:
project/PHP/home.php
I'm not sure if I've given enough information, but I hope someone can help me out here.
As correctly written by #JimL in the comments above we would recommend that you simply replace home.php to index.php, since that is the default setting really all http servers are configured to use for the index document.
You can however change that, even if you can only use .htaccess style files:
DirectoryIndex home.php
That said I still would recommend to rename the index file instead. .htaccess style files should be avoided whenever possible. They are notoriously error prone, hard to debug and they really slow the http server down, often without reason. They are only offered for cases where you really need to do some configuration tweaks but do not have control over the http servers host configuration. That is for example often the case when using a cheap web space provider.
Considering the additional information you gave in the comment below you could also try to rewrite all requests to point to the php scripts inside that folder project/php. For that you can place such rewriting rules inside a .htaccess style file:
RewriteEngine on
RewriteCond %{REQUEST_URI} !^/project/php
RewriteRule ^(.*)$ project/php/$1 [L,QSA]
If you also have to handle requests that require different rewriting then obviously you need additional rules.
But as already said in the comments below this is painful, slows the server down and makes things harder to debug.
Put your files in the public_html folder, or /var/www, you don't need the .htacces to do this.
I'm in the process of working on an error system for my site (i.e., if MySQL encounters an error, it sends them to an error page). I'm wondering, is it possible to use a "/" instead of "?err=" for a URL?
What I'd like to do is have people sent to the url "/error/404/" but display on page the content at url "/error?err=404". Is there a way to do this with HTAccess, or something of the sort?
My current way is with lots of files and iframes, and it gets really annoying when you have to update one tiny little thing.
Thanks!
What you are looking for is url rewriting. You can set it up using an .htaccess file, given that your installation of apache has mod_rewrite enabled (if not, check this question).
Here is a nice tutorial on how to do it.
Have a try with this:
RewriteEngine on
RewriteRule ^error/(\d+)$ error?err=$1 [L,QSA]
This should not end in a redirection loop, since this requires a trailing number in the URI.
Note that I removed your leading slashes from both the pattern and the result. .htaccess style files work on relative paths.
In general you should always prefer to place such rules inside your http servers host configuration instead of using .htaccess style files. Those files are notoriously error prone, hard to debug and the really slow the server down. They are only available as a last option for users who do not have access to the host configuration, for example when using a cheap hosting provider.
So I want to force the user to access the https version of my page rather than the http. And according to this post all I have to do is this:
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.yourdomain.com/$1 [R,L]
But MY site resides in a folder within the main directory, so it's in www.domain.com/Folder. So should this htaccess code go inside the main directory or in the subdirectory. Because I do not want to change the way the access the main site, only the folder.
This is a not-so-good method of going about this, especially if you have access to httpd.conf. The better method is to create TWO virtual hosts. One for your standard port 80 stuff, which simply has an unconditional redirect to the SSL version, e.g. in pseudo-ish .conf talk:
<VirtualHost example.com:80>
RedirectPermanent / https://example.com
DocumentRoot /some/fake/path
</VirtualHost>
<VirtualHost example.com:443>
normal site stuff here...
</VirtualHost>
This has the advantage of leaving the redirect viable even if a config messup disables .htaccess files, plus serving up bogus/non-existent content if SSL dies for whatever reason.
You can leave it in the root directory but change it to:
RewriteRule ^(your-directory/.*)$ https://www.yourdomain.com/$1 [R,L]
Keep in mind, though, that before the redirect happens, the cookies and query parameters with possibly sensitive data has already been sent in clear text, so remember to use the secure cookie atribute if you use cookies.
Your site can be vulnerable if you're redirecting from http to https. Take a look at this for some more information on that.
http://www.thoughtcrime.org/software/sslstrip/
seems silly to "force ssl" till they fix the big gaping security hole it opens up in browsers in the name of "site verification"
this has no real basis and there is potential for abuse by a rogue CA, rogue state, or corruption.
(and the "verification" is useless anyway not being based on user wishes not anyone actually looking at the sites - there are plenty of phishing sites out there with "valid" certificates!)
there is way too much misinformation being bandied around about SSL
you get the same encryption with a self signed certificate but browsers tell users you site is "untrusted" (with of course no basis - "not checked" or "not verifiable" would be what any warning should actually say - warnings need to be informative not something that just scares users so much most of them just close them without even reading the rest of the warning!)
until this is fixed in browsers I cannot recommend the use of SSL at all in a web site context.
meanwhile all I can recommend to forget port 443 and implement your own encryption layer (or use something like ssh if it doesn't need to be a browser)
I need to protect my website from iframe. In the same times, I need to iframe by my own sites and some permitted website. How can I do this?
Every website cannot use iframe until I permit them. I seen it's possible provably by javascript.
See this link to realize the code view-source:http://onlinefreetv.net/test.php/
By this above code I can protect from any iframe but this system has no facility to allow my own site or permitted site to do iframe.
I hope I could described everything to get actual help. Thanks
I believe this is what you are looking for.
if (top.location !== self.location){
top.location = self.document.location;
}
You should better try these configuration directives in your .htaccess hidden file if it'll work:
Options +FollowSymlinks
RewriteEngine on
RewriteCond %{HTTP_REFERER} !yoursite\.com$
RewriteRule . /abuse.txt [L]
And create an /abuse.txt file on your file manager with an abuse sentence that you want, such any caution or warning. But make sure that your web hosting account have Apache HTTP Server with mod_rewrite.
My server provides SSL connections via https, although the certificate costs extra...
Is there anything that needs to be changed in the PHP code to utilize this protocol?
My site has:
ajax forms via POST
regular forms and pages using POST and GET parameters
Session variables
You should be good to go. PHP does not impact the use of SSL or not.
Things you should check are:
Are all URLS in you application relative (no http://)
Are assets (CSS/JS/IMG) used in your site (both from internal and external sources) also as relative paths or prefixed with https://
Having an asset without https:// in a SSL powered site, the browsers will warn you visitors that something ain't right.
you can use the server .htaccess file to redirect all your links. So when the standard page is opened via say a link the server redirects to the https version...
# Permanent reirect ALL old pages to HTTPS:
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
Other than any hard-coded URLs, no, your code shouldn't know about the difference, nor care.
I'd have to say the same as mvbrakel, but as far as session cookies/cookies you will want to turn on HTTPS only if you are using https on ALL your pages.
Also adding HTTP only to cookies, js scripts won't be able to check value and such.
The code does not need to be changed, other than to change all links from http:// to https:// (seriously, don't forget that, else you aren't using SSL...)