I have 2 domains, one is allow-site.com and the other is resource.com.
resource.com's file structure is:
root
|--- videos
| |---> 01.mp4
| |---> 02.avi
|--- index.php
|--- .htaccess
|
index.php contains a download link like:
<a href="http://localhost/resource/videos/01.mp4" download>Download</a>
In .htaccess I only allow the allow-site.com domain via an HTTP_REFERER RewriteCond, which allows allow-site.com's video players to play the videos correctly.
The .htaccess file is:
RewriteEngine On
RewriteBase /
# allow these referers to passthrough
RewriteCond %{HTTP_REFERER} ^http://localhost/allow [NC]
RewriteRule ^ - [L]
# redirect everything else
RewriteRule ^ https://google.com/ [R,L]
I don't want anybody to use the video links except if they come from allow-site.com, which is the purpose of this .htaccess file, and it works fine.
But the main problem is when I click on the download link, it downloads an HTML file not the video. If I ignore RewriteRule ^ https://google.com/ [R,L], it works as expected (the video downloads fine) but the videos can be used by anybody, from any other domain.
I don't understand how to solve the problem.
Thanks.
The download attribute on links probably strips the referrer by default, hence the user downloading the source of Google's homepage and not the video, because the RewriteCond is not met and the RewriteRule kicks in.
You could try to force a referrerpolicy="origin" on the link and see if it fixes the issue, but it doesn't seem to be well supported at the moment (http://caniuse.com/#feat=referrer-policy)
Also, your rewrite rules can be simplified to:
RewriteEngine On
RewriteBase /
# allow these referers to passthrough
RewriteCond %{HTTP_REFERER} !^http://localhost/allow [NC]
RewriteRule ^ https://google.com/ [R,L]
Related
I have an SSL sertificate, so http -> https is a must (as a precaution). I intend to have multiple subdomains, i.e. subdomain1.example.com, subdomain2.example.com, currently there is one subdomain that works without any issues. I'm using a multisite Wordpress setup, that was installed (purposely) in one subfolder. The multisite setup is for other languages. The current server folder layout is as follows:
public_html
backstage
subdomain1 (folder for the subdomain)
frontstage
wp-admin
wp-content
wp-includes
(the rest of the WP files)
index.php (a test file, that shouldn't load if the redirection is set up properly)
Currently, the www.example.com/frontstage/ opens the main WP site, this is fine. I can access its wp-admin without issues. www.example.com/frontstage/en/ shows a 404 page, this is not fine. www.example.com/frontstage/en/wp-admin/ opens the dashboard fine for the other site.
I want to retain the stripping out of index.php from any links (to keep the links clean).
There are two "simple" things to configure properly:
I want to retain the server folder structure as it is, but having the "frontstage" folder skipped, so that when you visit www.example.com, the main WP site loads (and in the case someone would load www.example.com/frontstage/ it would redirect to www.example.com). Naturally, the "shift" needs to allow for the www.example.com/en/ to open the secondary website (any any other language sites that may follow). Ideally without rewriting all the links within the WP sites.
Currently the /en/ site doesn't load its root. The demo posts and pages load fine.
My current .htaccess on the root level looks like this:
# disable index.php from urls
RewriteEngine On
RewriteBase /
<IfModule mod_rewrite.c>
# redirect index.php requests
RewriteCond %{THE_REQUEST} ^GET.*index\.php [NC]
RewriteRule (.*?)index\.php/*(.*) /$1$2 [R=301,L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ /index.php/$1 [L]
</IfModule>
# force https and www
RewriteCond %{HTTPS} off [OR]
RewriteCond %{HTTP_HOST} !^www\.example\.com$ [NC]
RewriteRule ^(.*)$ https://www.example.com/$1 [L,R=301]
# move wordpress one level up
# allow subdomain
RewriteRule ^backstage\/subdomain1\/?(.*)$ "https\:\/\/subdomain1\.example\.com\/$1" [R=301,L]
Any help with this is highly appreciated (I'm still learning the htaccess bits and tricks and this one is truly beyond me). What am I missing in the above code to get it right?
When I have WP installed within a subfolder, I just goto Settings => General and change the Website URL by removing the subfolder.
Afterwards I move the file index.php one folder level up and in your case, would change it to:
require( dirname( __FILE__ ) . '/frontstage/wp-blog-header.php' );
Does this solve your problem?
Find a detailed description how to move WP to a subdirectory on this site - You can find a detailed description about putting Wordpress in a subdirectory on the following website https://codex.wordpress.org/Giving_WordPress_Its_Own_Directory
Regarding a redirection from http to https - this is possible within the .htaccess. Much better, in my opinion, would be an alias on the apache (this usually should be done by your hoster).
The difference:
The htaccess redirect goes back to the user and then again to the server, which costs some time. The alias is - as far as I know - redirected on the server.
if you want to force https, you can do it with the following entry.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{SERVER_PORT} !^443
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</IfModule>
I am using .htaccess code to turn blog.php into /blog/ with this code:
# --- CUTENEWS[ST]
Options +FollowSymLinks
RewriteEngine On
RewriteRule ^blog(\d+)*$ ./blog.php
RewriteRule ^blog/(\d+)*$ ./blog.php
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ /blogengine/show_news.php?cn_rewrite_url=$1 [L]
# --- CUTENEWS[ED]
This works fine, except when I load the web page with /blog/, the images break. If I load the web page with /blog.php or /blog, the images load fine.
I have been searching through all the .htaccess issues people have had on Stackoverflow, and this is as far as I have come to getting things working. The cutenews php is there because I am using cutenews for blog integration in my site.
I appreciate any suggestions. I am pretty new to .htaccess
This is because your relative URIs have their base changed. Originally, the base is / when the page is /blog.php, and the browser properly fills in relative links with the / base. But when the browser goes to a page like /blog/ the base suddenly becomes /blog/ and it tries to append that in front of all relative URLs and thus none of them load.
You can either make your links absolute, or change the URI base in the header of your pages (inbetween the <head> </head> tags):
<base href="/">
You are not accounting for trailing slash. This RewriteRule ^blog(\d+)$* will not match /blog/ .Try this instead:
RewriteRule ^blog/([0-9]+[^/])*$ /blog.php/$1
EDIT:
As we discussed in chat you needed something else, here it is:
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^blog(.*)$ /blog.php?route=$1 [R=301,L]
This will catch URLS like: /blog, /blog/, /blog/anythig_goes_here/2343/ . Adding 301 Permanent Redirect header, and L meaning don't process other rules.
in your blog.php you can reach 'route' paremeter via:
echo $_GET['route'];
EDIT:
After discussing further, the issue was solved by removing "/" from the begining of the redirect url, so now that rewrite rule line looks like:
RewriteRule ^blog(.*)$ blogposts.php?route=$1 [L]
For images, absolute urls need to be used, starting with "/" pointing to your web root.
I have the following .htaccess:
RewriteEngine On
RewriteBase /sandbox/
RewriteRule ^(assets)($|/) - [L]
RewriteRule ^(.*)$ lib/script/bootstrap.php?route=$1.php [NC,L,QSA]
What I am doing is redirecting all requests (except for my assets - img, css, js) to my bootstrap script, which will handle the request via the route parameter, which includes the URL request.
This works fine in most cases, except for when I have a call such as:
http://www.example.com/sandbox/admin, where admin is a folder that exists in my directory, amongst other folders. This folder contains various pages that are accessible, aswell as an index.php file that my bootstrap.php routing will redirect requests from the above URL to it, by default.
My problem is that when I attempt to hit the page: http://www.example.com/sandbox/admin, my htaccess (as far as I know) is rewriting the visible URL to http://www.example.com/sandbox/admin/?route=admin.php, which is not as pretty. I believe it's because there's some conflict going on with the fact that the above URL is a valid URL pointing to my /admin/ folder, but I would like my .htaccess to ignore this and send this aswell to my bootstrap.php (line 4 of my .htaccess). What am I doing wrong?
Here is the requests coming in my browser:
UPDATE:
Strangely, http://www.example.com/sandbox/admin/ works fine, but not http://www.example.com/sandbox/admin (notice the trailing slash).
If you have real folders you need to use a condition to ignore real files and folders. All other requests will get routed to your bootstrap file. (If I understand your issue correctly.)
RewriteEngine On
RewriteBase /sandbox/
RewriteRule ^(assets)($|/) - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)/?$ lib/script/bootstrap.php?route=$1.php [NC,L,QSA]
I have a custom web app and the file structure works like this:
/apps/calendar/frontend/index.php
/apps/calendar/frontend/view/index.php
/apps/calendar/backend/index.php
/apps/calendar/backend/edit/index.php
/apps/calendar/backend/add/index.php
/apps/calendar/backend/view/index.php
I'm trying to write a .htaccess file to help redirect the files so they cant see the 'real' path.
RewriteEngine on
RewriteCond %{REQUEST_URI} !^/admin
RewriteRule ^([^/\.]+)/(.*)/(.*)($|/$) /apps/$1/frontend/$2/$3 [NC,L]
RewriteRule ^([^/\.]+)/(.*)($|/$) /apps/$1/frontend/$2 [NC,L]
RewriteRule ^([^/\.]+)($|/$) /apps/$1/frontend/ [NC,L]
When I visit localhost/calendar it should map redirect to /apps/calendar/frontend/index.php. But when I visit localhost/calendar/add it gives me a 301 (permanent move) then shows the full page of localhost/apps/calendar/frontend/add/index.php in the console. Anyone got any ideas why this would happen? Or a better way around this? The apps might have heaps of sub-directories so, I'm not particularly keen on having a rule for ever subdirectory combination.
As you can see also I have a /admin path, which would load the /backend/ parts of the app. I would assuming I can do the similar code with the prefix of /admin?
This question might also be of your interest: Create blog post links similar to a folder structure.
Given that your .htaccess is located on the root folder of your domain /home/youraccount/public_html/.htaccess, it would look like this:
Options +FollowSymLinks -MultiViews
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_URI} !^/(admin|apps) [NC]
RewriteCond %{DOCUMENT_ROOT}/apps/$1 -d
RewriteRule ^([^/]+)/?(|.*)$ /apps/$1/frontend/$2 [NC,L]
RewriteCond %{REQUEST_URI} !^/apps [NC]
RewriteCond %{DOCUMENT_ROOT}/apps/$1 -d
RewriteRule ^admin/([^/]+)/?(|.*)$ /apps/$1/backend/$2 [NC,L]
Let's say the user access:
http://domain.com/calendar
http://domain.com/calendar/
http://domain.com/calendar/add
All the above would redirect to
/apps/calendar/frontend/index.php
/apps/calendar/frontend/index.php/
/apps/calendar/frontend/index.php/add
And the if the user access:
http://domain.com/calendar/admin
http://domain.com/calendar/admin/
http://domain.com/calendar/admin/add
It would go to:
/apps/calendar/backend/index.php
/apps/calendar/backend/index.php/
/apps/calendar/backend/index.php/add
So it would make index.php your controller for each end:
/apps/calendar/frontend/index.php
/apps/calendar/backend/index.php
I am working on a new project where I want to improve the security by using 2 level folders.
The folder "Core" contains all the folders including the "public" which needs to be the only folder the visitor can access.
A short introduction about my webdir:
webdir
| - .htaccess (core)
| - classes
| - functions
| - public
| - .htaccess (public)
| - css
| - files
| - de
| - en
| - general
| - nl
| - images
| - index.php
| - js
| - swf
| - template
For your information:
My public/index.php file sorts out in which section the files are located via [geturl] and [section]. The request "http://example.com/nl/openfile" points to:
public/index.php
this file reads the $_GET and sees that [geturl] is "openfile" in the [section] "nl"
public/index.php wants to open: "files/nl/openfile.php"
this is how it works and I want it to work!
What I want to achieve with my .htaccess is the following:
The website supports 3 languages: en/de/nl. When no language is set then the nl language should be default.
http://example.com/nl/contact needs to target the file: public/files/nl/contact.php
Currently, when the visitor inputs http://example.com/nl/css (with no trailing slash, the problem doesn't occur when the trailing slash is added) the server translates this to http://example.com/public/css/?section=nl.
This is too much information for the visitor. I don't want users to see where the files are located.
The public folder should not be accessed directly. So when a users inputs http://example.com/public this should be redirected to http://example.com/nl/
My current .htaccess files:
.htaccess (core)
<IfModule mod_rewrite.c>
RewriteEngine on
Options +FollowSymLinks
Options -Indexes
RewriteCond %{HTTP_HOST} ^customer.com$ [NC]
RewriteRule ^(.*)$ http://www.customer.com/$1 [R=301,L]
RewriteRule ^company(.*)$ public/$1?section=company [L]
RewriteCond %{QUERY_STRING} (.*)
RewriteRule !(nl|en|de)/(.*).* /webdir/nl/ [R=301,L] # IF NO LANG ISSET THAN NL REDIRECT
RewriteRule ^error(.*).* public/?getpage=error&%1 [PT,L]
RewriteRule ^(nl|en|de)/(.*).* public/$2?section=$1&%1 [L]
</IfModule>
.htaccess (public)
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{QUERY_STRING} (.*)
RewriteRule ^(.*).* index.php?geturl=$1&%1 [PT,L]
</IfModule>
What am I doing wrong and how can I improve the .htaccess files?
Summarized, I want the .htaccess to do the following:
The website supports 3 languages: en/de/nl. When no language is set then the nl language should be default.
http://example.com/nl/contact needs to target the file: public/files/nl/contact.php
Currently, when the visitor inputs http://example.com/nl/css (with no trailing slash, the problem doesn't occur when the trailing slash is added) the server translates this to http://example.com/public/css/?section=nl.
This is too much information for the visitor. I don't want users to see where the files are located.
The public folder should not be accessed directly. So when a users inputs http://example.com/public this should be redirected to http://example.com/nl/
Do you know you can block an entire directory by putting an .htaccess with deny from all inside?
This way you can keep your project structure simpler and more portable.