I have WordPress MU installed on the server and using some Mod Deflate and Caching the files and some other minor amendments in the .htaccess file and when I came across some modification for the clients, I noticed that on his server the images are served from my server.
Server Config: Plesk/CentOS - Linux Hosting
After a full research I tried placing all the available codes in the StackOverflow articles and other tutorials and sites but can't find what am doing wrong but it's not working.
.htaccess with the hotlink regex and other rewrite rules
RewriteEngine On
RewriteRule ^index\.php$ - [L]
# uploaded files
RewriteRule ^([_0-9a-zA-Z-]+/)?files/(.+) wp-includes/ms-files.php?file=$2 [L]
# add a trailing slash to /wp-admin
RewriteRule ^([_0-9a-zA-Z-]+/)?wp-admin$ $1wp-admin/ [R=301,L]
RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^ - [L]
RewriteRule ^[_0-9a-zA-Z-]+/(wp-(content|admin|includes).*) $1 [L]
RewriteRule ^[_0-9a-zA-Z-]+/(.*\.php)$ $1 [L]
RewriteRule . index.php [L]
<Files wp-config.php>
order allow,deny
deny from all
</Files>
<Files .htaccess>
order allow,deny
deny from all
</Files>
<Files xmlrpc.php>
Order allow,deny
Deny from all
</Files>
# Wordfence WAF
<Files ".user.ini">
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
Order deny,allow
Deny from all
</IfModule>
</Files>
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?domain.com [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ - [NC,F,L]
If I empty my .htaccess and just keep the following code it works.
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?domain.com [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ - [NC,F,L]
What am I doing wrong?
You need to keep this HTTP_REFERER above all other rules. Problem is that you have rule that is rewriting all URIs to index.php. Due to that rule RewriteRule \.(jpg|jpeg|png|gif)$ fails.
Complete .htaccess:
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?domain.com [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ - [NC,F,L]
RewriteRule ^index\.php$ - [L]
# uploaded files
RewriteRule ^([_0-9a-zA-Z-]+/)?files/(.+) wp-includes/ms-files.php?file=$2 [L]
# add a trailing slash to /wp-admin
RewriteRule ^([_0-9a-zA-Z-]+/)?wp-admin$ $1wp-admin/ [R=301,L]
RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^ - [L]
RewriteRule ^[_0-9a-zA-Z-]+/(wp-(content|admin|includes).*) $1 [L]
RewriteRule ^[_0-9a-zA-Z-]+/(.*\.php)$ $1 [L]
RewriteRule . index.php [L]
<Files wp-config.php>
order allow,deny
deny from all
</Files>
<Files .htaccess>
order allow,deny
deny from all
</Files>
<Files xmlrpc.php>
Order allow,deny
Deny from all
</Files>
# Wordfence WAF
<Files ".user.ini">
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
Order deny,allow
Deny from all
</IfModule>
</Files>
Related
I have installed my PHP script in a directory of my website psc.af/photo after migration to another domain and in its main directory (public_html in cPanel) everything works fine but the images are not showing up. When i inspect the image link it shows mynewdomain.com/photo/images which is not and it got the photo directory from my previous installation in sub directory. So i cant see the images.
I have tried to change my app url and its fine, the only issue is missing images.
APP_NAME=Laravel
APP_ENV=local
APP_KEY=base64:cDd2jFWmOeQajBVf+UbCcCW9v0OxeZC/w+mp8qwgw0g=
APP_DEBUG=true
APP_URL=http://psc.af/
This is my .htaccess
<IfModule mod_rewrite.c>
<IfModule mod_negotiation.c>
Options -MultiViews
</IfModule>
RewriteEngine On
Options -Indexes
<Files .htaccess>
order allow,deny
deny from all
</Files>
<Files composer.json>
order allow,deny
deny from all
</Files>
<Files composer.lock>
order allow,deny
deny from all
</Files>
<Files .env>
order allow,deny
deny from all
</Files>
# Handle Authorization Header
RewriteCond %{HTTP:Authorization} .
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
# Redirect Trailing Slashes If Not A Folder...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} (.+)/$
RewriteRule ^ %1 [L,R=301]
# Handle Front Controller...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]
# Remove index.php
RewriteCond %{THE_REQUEST} ^GET.*index\.php [NC]
RewriteRule (.*?)index\.php/*(.*) /$1$2 [R=301,NE,L]
</IfModule>
My website has the structure www.mywebsite.com/app/views/pages/dashboard.php however I wanted it to be only www.mywebsite.com/dashboard.php I tried to do this with htaccess but I'm not getting results
This is my complete htaccess
<files ~ "^.*\.([Hh][Tt][Aa])">
order allow,deny
deny from all
satisfy all
</files>
Options -Indexes
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME}\.php -f
RewriteRule ^(.*)$ $1.php
RewriteEngine on
RewriteRule ^dashboard\.php$ app/view/pages/dashboard.php
I wrote the follow .htaccess file:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
<Files ~ "^.*\.([Hh][Tt][Aa])">
order allow,deny
deny from all
satisfy all
</Files>
<Files "indexbig.php">
Order Allow,Deny
Deny from all
Allow from 127.0.0.1
</Files>
I want to deny access to the file "indexbig.php" but only allow acces from the local server. Somehow this allows access to every host. Could anyone help me out?
I am creating one secure website by using .htaccess . Everything works fine in other browsers but the site not working in Internet Explorer. Its showing 404 error. Please help I dont know much about .htaccess problems.
RewriteEngine On
#RewriteCond %{HTTPS} off
# First rewrite to HTTPS:
# Don't put www. here. If it is already there it will be included, if not
# the subsequent rule will catch it.
#RewriteRule .* http://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
# Now, rewrite any request to the wrong domain to use www.
RewriteCond %{SERVER_PORT} 80
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule .* http://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
RewriteCond %{REQUEST_METHOD} ^TRACE
RewriteRule ^ - [F]
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-l
RewriteRule ^(.+)$ index.php?url=$1 [QSA,L]
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?localhost [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ https://openclipart.org/image/240px/svg_to_png/234001/no_glass_cameras.png [NC,R,L]
RewriteCond %{REQUEST_METHOD} ^TRACE
RewriteRule ^ - [F]
Header set X-Frame-Options SAMEORIGIN
ServerSignature Off
# Disable Directory Browsing
Options All -Indexes
# Deny php direct accessing
<Files *.php>
Order Deny,Allow
Deny from all
Allow from 127.0.0.1
</Files>
<Files index.php>
Order Allow,Deny
Allow from all
</Files>
# DENY CODE
#<Files ~ "^.*">
# Deny from all
#</Files>
#<Files ~ "^index\.php|css|js|.*\.png|.*\.jpg|.*\.gif|.*\.pdf">
# Allow from all
#</Files>
#Header always edit Set-Cookie (.*) "$1; HTTPOnly; Secure"
I wanted to add the "www" infront of my domain, which I have done but not sure if it was added properly because I removed some of the code from the original .htaccess file which came with the open source script.
Original .htaccess file:
# secure htaccess file
<Files .htaccess>
order allow,deny
deny from all
</Files>
# disable directory browsing
Options All -Indexes
# disabel access to logs/template files
<Files ~ "\.(log|tpl)$">
order allow,deny
deny from all
</files>
RewriteEngine On
RewriteCond %{REQUEST_URI} ^/uploaded [NC]
RewriteCond %{REQUEST_URI} !\.(jpe?g|png|gif)$ [NC]
RewriteRule .* - [F,L]
Current .htaccess file:
# secures htaccess file
<Files .htaccess>
order allow,deny
deny from all
</Files>
# disable directory browsing
Options All -Indexes
# disable access to logs/template files
<Files ~ "\.(log|tpl)$">
order allow,deny
deny from all
</files>
# Force www:
RewriteEngine on
RewriteCond %{HTTP_HOST} ^websitename.com$ [NC]
RewriteRule ^(.*)$ http://www.websitename.com/$1 [L,R=301,NC]
RewriteEngine On
RewriteCond %{REQUEST_URI} ^/uploaded [NC]
RewriteCond %{REQUEST_URI} !\.(jpe?g|png|gif)$ [NC]
RewriteRule .* - [F,L]