I'm experimenting trying to build a web app for an idea that I had. I wanted to basically have people log in over Facebook (so I won't be handling passwords anyway), and add in their student email address (ie .edu). Then, this information would be stored in my site's database.
I realized that since this is potentially sensitive information, it might be a good idea to encrypt--and I wanted to figure out how to use SSL anyway. I installed the certificate and used .htaccess to redirect visitors to the https site... Then I noticed that the jQuery EtherPad plugin I was using had stopped working. Presumably, I will eventually figure out a better fix for using EtherPad, but I was wondering anyway, if there's any purpose to using SSL on the entire site or if it is correct. I had heard that it makes a lot of sense to use https only when users are entering secure information, ie login.
Additionally, I can't quite figure out how to do this. If you enter my site's name, it redirects the homepage to https. Furthermore, from there, any links remain https. However, if you enter a folder ie /about, it will use http until the user goes to the homepage.
Any advice? I hope this is specific enough. I read several other pages, but they were too dense for me and didn't seem to address my specific question. I am a web development and stackoverflow noob.
Below is my .htaccess file. I have a vague understanding of what it means, but not exactly.
RewriteEngine On
RewriteCond %{HTTP_HOST} ^website\.com
RewriteRule (.*) https://www.website.com/$1 [R=301,L]
RewriteCond %{SERVER_PORT} 80
RewriteCond %{REQUEST_URI} folder
RewriteRule ^(.*)$ http://www.website.com/login/$1 [R,L]
Related
i read the other threads about this topic but i couldn't find anything that i felt could apply in my case. It seams pretty basic though. I have a website built in php with apache server. In this moment all the traffic is done via http. The people who paid for the site, now want to move it to https. They bought a certificate and the web server hosts will install it. What changes do i need to make to make it work via https, besides changing the redirects within the code?
I also found this link which seems pretty helpful, but i think maybe it's too complex?
Thank you,
Alex
You should change your resource links (like external JavaScript references such as jQuery) in the site where there are hard-coded paths in http://domain.name/some-link-here to just //domain.name/some-link-here. This will prevent the browser from complaining about mixed-mode content.
For links that are on the same domain, you could use absolute/relative URLs.
After that you can place and .htaccess such that any URLs accessed on the domain would automatically redirect to the HTTPS version. Place the following lines as the first rule in the file
.htaccess code:
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
The .htaccess will also take care of any hard-coded links (towards the same domain/site) that you might have in your site and that you have missed.
I am trying to make a site where users, after registration, have a personalized page with a subdomain. However, I want the same main site code to be used and content that is displayed to be generated depending on what subdomain the user visits, not by having copies of the code for each subdomain.
If it is unclear, what I want is similar to how blog hosting sites have subdomains, setting and everything without the need to do a fresh installation of the actual blog script.
I have PHP, MySQL knowledge and I use Codeigniter as my PHP Framework. What I do not know is how to achieve this effect without duplicating files.
Try putting this in your .htaccess file.
RewriteEngine On
RewriteCond %{HTTP_HOST} !^$.example.com [NC]
RewriteRule ^(.*)$ http://example.com/profile?id=$1 [R=301]
NOTE: Not sure if this'll work. Wrote it on the spot.
Make sure you have the profile system so that it loads id with a GET request of the /profile/ directory.
I was wondering if it is possible to block certain things from running through server.
Example. I am apart of ad network and some of the ad's are sexually suggestive. I have asked to not get these ad's on my page but was told they can't control the delivery network to block only adult ad's.
Is it possible in apache or htaccess or something to program the url's of the "dirty" ad's and have them not show up to the end user??
Sorry if my question is worded poorly. Thanks.
The below code in htaccess denies access to sexualwebsite.com:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_REFERER} ^https?://([^.]+\.)*sexualwebsite\.com [NC]
RewriteRule .* - [F]
</IfModule>
Replace sexualwebsite with whichever domain you want to block. Source: http://davidwalsh.name/block-domain
Usually ads are not actually served by your server but injected into the page on the client using Javascript. Nothing you modify on your server would affect which ads are being pulled in by that client-side script.
It's might technically be possible to have some additional Javascript to monitor the ad-serving script and disallow the loading of an ad, but it would be a hack and would break if your ad provider changes something. It would also probably violate your ad provider's terms of service resulting in you not getting paid.
The only reliable way to control which ads are being served is by some API or control panel that would have to be provided by your ad network. If they don't offer this functionality, then there's probably nothing you can do about it.
I want to e-commerce platform like www.bigcommerce.com and www.buildabazaar.com. I have done with the backend coding. I have added a unique identification number for each customer to differentiate their products and choices. When a customer registers, a folder with his unique ID will be created in my domain, where all his images and styles will be saved. I have created like this. But i am stuck when a customer buys a plan from me and he will change name servers , he should get his site to be displayed in his domain.
I don't know how these things works. Please someone suggest me how to go about it.
You need to use Apache's mod_rewrite and define a rewrite rule per domain to map it to the correct folder.
Something like this:
RewriteCond %{HTTP_HOST} ^www\.example\.com$ [NC]
RewriteRule ^/?(.*)$ /customer/private/folder/$1 [L]
I cannot say for sure it will work perfectly for your setup, so you should read up on mod_rewrite. It is very powerful and should handle your situation.
you must use mod_rewrite in order to do that (virtually), not by creating a real folder on the file system!
Edit: if you are using Apache as the web server.
Is it possible to create subdomains dynamically on server using php script?
I want to create it.
My server is on hostmonster. And I want to create subdomains dynamically.
I'm not exactly sure what you're after, but here's something to think about.
Your DNS needs to be configured to support it by having a wilcard dns record that points to your web server. For instance *.mydomain.com.
Once done, you can use $_SERVER['HTTP_HOST'] to determine which host is being accessed. Alternatively, you could let PHP add the subdomain inside the web server configuration.
I wouldn't recommend doing this unless you really really know what you're doing.
"using php script".
If I'm not wrong it sounds you want to create virtual sub-domains on your site in order to display e.g. for each user such as wordpress.com or tumblr.
I think it's possible with .htaccess even I have never tried it, but maybe gives an idea.
RewriteEngine On
RewriteCond %{HTTP_HOST} !^www\.example\.com [NC]
RewriteCond %{HTTP_HOST} ^([a-zA-Z0-9]+)\.example\.com [NC]
RewriteRule /user.php?username=%1 [L,NC,QSA]