There are several URLs that link to my site. I want to deny access to them.
All of these sites have a unique and common keyword in the URL: /roger23/
Example URLs are:
example.net/roger23/studie-ee.html
second-domain.org/roger23/somt-ohter-file.php
yetanotherone.eu/roger23/hello-world
etc.
So, again, the common keyword in all of these URLs is: /roger23/
I want to use .htaccess to deny access to such URL. Here is what I tried, but I need to make sure this is the correct way and it only covers links that contain "/roger23/" and nothing else (to prevent legitimate sites linking to the site).
So in htaccess I tried this:
SetEnvIfNoCase Referer "/roger23/" spam=yes
Order allow,deny
Allow from all
Deny from env=spam
Is this the right way to do it? It seems to work but I don't want to exclude any other legitimate links that don't contain the word '/roger23/'.
For example, these ones should be allowed:
some-things.net/roger23
some-others2.com/roger23.html
I'm confused if there should be quotation marks there or maybe there should also be * or ^..
You can try to use such pattern to restrict access to urls with /roger23/:
SetEnvIfNoCase Referer "^(.*)/roger23/(.*)" spam=yes
Order allow,deny
Allow from all
Deny from env=spam
Another solution for same problem of restricting access:
# Block visits from /roger23/
RewriteEngine on
RewriteCond %{HTTP_REFERER} ^(.*)/roger23/(.*)$ [NC]
ReRewriteRule .* - [F,L]
Related
I have an ip list file for my country, as like this (txt document):
45.123.116.0/22
5.2.80.0/21
5.11.128.0/17
5.23.120.0/21
5.24.0.0/14
etc
i have two question about that.
1- can i forward the user, if he is in that list via .htaccess file? (if he is, use this adress.. if not this adress)
2- how can i check 'if the user is in my country' via PHP? i mean, how can i say something like that..
if (strstr('list.txt',$_SERVER['REMOTE_ADDR']))
*1).htaccess file
The visitor blocking facilities offered by the Apache Web Server enable us to deny access to specific visitors, or allow access to specific visitors. This is extremely useful for blocking unwanted visitors, or to only allow the web site owner access to certain sections of the web site, such as an administration*
ErrorDocument 403 /specific_page.html
area.*
order allow,deny
deny from 255.0.0.0
deny from 123.45.6.
allow from all
When using the "Order Allow,Deny" directive the requests must match either Allow or Deny, if neither is met, the request is denied.
doc 1)http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#order
doc 2)http://www.htaccess-guide.com/deny-visitors-by-ip-address/
2) Proof of Concept (can't say this works as is....)
$current_ip = $_SERVER['REMOTE_ADDR'];
$valid_ip = false;
// Convert IPs to Regex
foreach($cfg['ipallowed'] as $index=>$ip);
{
$ip = str_replace('.', '\\.', $ip);
$ip = str_replace('*', '[0-9]|^1?\\d\\d$|2[0-4]\\d|25[0-5]');
if (preg_match($ip, $current_ip)
{
$valid_up = true;
break;
}
}
if ($valid_ip)
1; you can redirect by IP to a holding page:
# Redirect a user to /specific_page.html based on their IP address.
RewriteCond %{REMOTE_ADDR} ^10\.0\.0\.2$ [OR]
RewriteCond %{REMOTE_ADDR} ^127\.0\.0\.2$
RewriteCond %{REQUEST_URI} !specific_page\.html$
RewriteCond %{REQUEST_URI} !\.(js|png|gif|jpg|css)$
RewriteRule ^ /specific_page.html [R=302,L]
2; see this question/answer which recommends using http://www.hostip.info/use.html.
All the links in the website are a get-variable. The user opens always the index.php and gives different get-variables, which defines the different content.
Example:
The home page is example.com/?p=1
The contact page is example.com/?p=7
Now I want the URLs to look like example.com/contact. And because the number of pages is not static I can't create a directory for every page.
Probably I need a way to import the content of my index.php (example.com?p=3) to a path, which doesn't exist (example.com/new-path).
I've heard there is a way to solve that using the .htaccess file.
I'm not .htaccess / mod_rewrite expert, but just found this one may be useful for you. Note that you'll have to provide an entry for each page you are redirecting as the system will not know the relationships between the numbers and the pages by itself. You may have to fiddle around with it a bit to try and remove index.php.
# Original URL:
# http://www.example.com/index.php?p=1
# Desired destination URL:
# http://www.example.com/path-to-new-location/
# .htaccess syntax:
RewriteEngine on
RewriteCond %{QUERY_STRING} p=1
RewriteRule ^index\.php$ /path-to-new-location/? [L,R=301]
# Redirect URLs with query parameters (files placed in subdirectory)
Note, # is a sign for comments, anything on that line (in gray) will be ignored, it's sole purpose is to provide you information / comments on the code.
Source (line 52-63): Common .htaccess Redirects - Gist
Ok, so I have set the .htaccess like so:
Options +FollowSymLinks
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^([^/]+)$ index.php
so as you can see I'm parsing everything to index except files because I need to "include" the php files and also displaying of images.
If users will type for example www.site.com/login.php that will show the login php page.
How do I prevent access to the php pages but also allow to "include" them?
Move them outside of your document root. They can be safely included from there but not accessed over the web.
If I understand the question do you want to not allow the user to go to other files if not logged in ? If so you can use php sessions to set a variable that they are logged in otherwise redirect to index
(If I understand the question)
If you wanna go that route (the outside webroot advise is the correct one!) then you could use a rule like that (see regex negative lookahead):
RewriteRule ^(?!index).+\.php$ - [F]
That's sloppy in that would allow index2.php or indexdir/xyz.php still; it just pevents anything that's not index*.php from being accessed. Make sure to also disallow .cgi or .phtml or .tpl if need be.
I am trying to redirect from one url to another using a htaccess file. I have got them all working except from one which causes an infinite redirect loop. The url I wish to redirect from is:
http://website.co.uk/author/ and i want to redirect to http://website.co.uk/author/authorname
Any ideas would be helpful
Sounds a lot like your .htaccess redirect rules are doing pattern matching on your domain name, so that when you redirect to /jamescrawford it matches against www.pragencyone.co.uk/author/ and tries to redirect again.
If you're trying to catch everything that matches http://www.pragencyone.co.uk/author/.* then you'll need to exclude http://www.pragencyone.co.uk/author/jamescrawford (and potentially any assets it uses like images, if they're in the same directory) from being matched by the pattern you're using.
You might try posting the actual rules that you're using to do the redirect, though obviously be sure not to post anything any info from your .htaccess that would compromise your server's security.
try this in your htaccess file
RewriteEngine On
DirectoryIndex index.php
AddDefaultCharset On
Options +FollowSymLinks -Indexes
RewriteRule ^author /author/jamescrawford [L]
RewriteRule ^author/ /author/jamescrawford [L]
Foreword: I know this is a bit of a security flaw, but I'd like an htaccess solution
I have a semi-private wiki (php,mysql,mediawiki) that I'd like to allow only to a specific range of IPs, except make it public (allow all) if the article title is title=public_articleName#### which I believe is ^title=public_articleName([0-9]{4})$ ?
I also use rewrite rules in toplevel htaccess so that the urls are beautified (www.site.com/wiki/article is actually www.site.com/wiki/index.php?title=article) in my case I would like www.site.com/wiki/ to be (partly) forbidden, but www.site.com/wiki/public_articleName2345 visible for all)
Any ideas ? I know you can access %{QUERY_STRING}, but I have no idea to force a 403 based on that match (except for IPs xxx.xxx.xx.xxx)
Thanks for your input
edit:clarifications
You can use the [forbidden] flag on RewriteRules:
RewriteRule index.php?title=disallow forbid.html [F]
You can combine that with a RewriteCond maybe to match IPs or prevent this rule to apply to allowed pages.
RewriteCond ${REMOTE_ADDR} !78.22.131.219
RewriteRule index.php?title=disallow forbid.html [F]
Some notes here: https://serverfault.com/questions/214512/everything-you-ever-wanted-to-know-about-mod-rewrite-rules-but-were-afraid-to-ask
It would however be heaps easier to implement this programmatically in the wiki software.