.htaccess, protect the root file without denying access to its children - php

I've developed a web application and I'm protecting it from direct access from the browser using htaccess/htpasswd. What blocks me is that I want to protect the root directory of my application but not the files which are contained in it.
For example, I have root folder 'A' and it contains folder 'B'. And under 'B' I have 'login.php'. I want the browser to block me if I try "www.myapp.com/A/" and allow access if I write "www.myapp.com/A/B/login.php". Regards

I finally found the solution. I just put the following line in the .htaccess file which is in the folder that I want to allow direct access to:
Require all granted
Thanks for All.

In essence you want to HTTP 403 (assuming you're replicating an .htpasswd failure) anything that's not a file in your directory structure - you can do that by adding (something like) this to the .htaccess file in your docroot.
# this is just to be "on the safe side" and shouldn't be necessary
# also this requires Apache >= 2.4
DirectoryIndex disabled
# this will rewrite anything that's not a file to a 403 Forbidden
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule .* - [R=403]
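
The layout from the question written out with Apache 2.4 directives, as an added example that is not taken from the posts above: folder A requires a login, and only login.php inside B is opened instead of the whole of B. The file locations, the realm name and the AuthUserFile path are placeholders, and the server's AllowOverride setting must permit AuthConfig for these files to take effect.

```apache
# ---- A/.htaccess (assumed location) ----
# Everything under A requires a valid user from the password file.
AuthType Basic
AuthName "Restricted"
# Placeholder path: keep the password file outside the document root.
AuthUserFile /path/outside/docroot/.htpasswd
Require valid-user

# ---- A/B/.htaccess (assumed location) ----
# Open only the login page. A bare "Require all granted" in this file
# would open every file in B and in every folder below B, because a
# child's Require replaces the parent's (AuthMerging defaults to Off).
# Note: <Files> matches by file name, so a login.php in a subfolder
# of B is opened as well.
<Files "login.php">
    Require all granted
</Files>
```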

Related

How do I make a subfolder act like a document root using htaccess?

Site location: http://localhost/~username/website
The website loads lots of images with an absolute url such as /image/image.png.
I need that request to go to:
http://localhost/~username/website/image/image.png
instead of
http://localhost/image/image.png.
I also need this to not affect any other folders or the root folder. So that I could also access http://localhost/image/image.png if I wanted to.
Is there some way of making it so that when it's requested from this subfolder to redirect?
I want the absolute reference like /css/something.css and /image/image.png to points to /subdirectory/css/something.css and /subdirectory/image/image.png. That way I don't have to rewrite all the absolute references. So, I don't want to modify the root directory.
I'm wondering if setting up a virtual host that would not allow the subdirectory "website" to have no ability to access the root. I don't ever need root access from this folder.
Be sure you are allowed to use a .htaccess file on your web server. See how to enable it in Apache:
https://www.digitalocean.com/community/tutorials/how-to-use-the-htaccess-file
Create a .htaccess file in the root or ~username/website directory, then write this to your .htaccess file:
Options +FollowSymLinks
RewriteEngine On
RewriteRule ^~username/web/image/(.*) /image/$1
Why the requirement to use /image/image.png? Why wouldn't you just use one of these instead:
http://localhost/~username/website/image/image.png (absolute)
image/image.png (relative without preceding slash)
You can use this rule in root .htaccess OR in Apache/vhost config:
RewriteEngine On
RewriteCond %{REQUEST_URI} !^/~
RewriteRule ^(.*)$ ~username/website/$1 [L]

uploading yii2 basic on shared hosting but not working

I am installing Yii2 on a shared hosting environment, Apache (GoDaddy).
Here is what I did as per the docs:
Renamed web folder to www
copied all the folders, now the directory structure looks like this:
public_html\
    assets
    commands
    config
    controllers
    model
    modules
    views
    www\index.php
    .htaccess (this is both in public_html and www)
but when I access my domain, I get the following error:
You don't have permission to access / on this server. Additionally, a
404 Not Found error was encountered while trying to use an
ErrorDocument to handle the request.
Here are the contents of my .htaccess which I have copied in both public_html and www.
Options +FollowSymLinks
IndexIgnore */*
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . index.php
Is the .htaccess creating the problem? Is index.php not being run from the right folder? What else should I look for? Any help is much appreciated.
Update:
The actual problem with the above error was that it was a permissions issue.
Set the permissions from 644 to 755, and now the system is accessible.
BUT
to access index.php I still need to navigate to it manually by typing in the URL: www.example.com/www/index.php
UPDATE
As I don't have prettyurl's enabled, just to make it work, I deleted all the contents of the .htaccess, then I copied the contents of basic folder in the home folder (for future visitors it should be like home/your_user _name
CAVEAT EMPTOR
I know almost nothing about .htaccess. Also, this project of mine is just for learning; this solution may not be useful in production settings.
Question is still open for expert advice on best practices in such scenario.
You need to move your domain pointer to www instead of htdocs; it's probably somewhere under domain -> root folder. Your .htaccess looks fine.

Route All Requests to Subfolder htaccess

I'm building an application for broad distribution and I want to change the way it's routed so that all the files can exist in the document root but still be secure as if they were above the doc root.
The ideal set up would be to house the application folder above the docroot like so:
/home
/---/username
/---/--->application
/---/---/--->all application files
/---/--->public_html
/---/---/--->all public files
But I know this isn't ideal for all potential users of my app, so I'd prefer to move this to a structure like so:
/home
/---/username
/---/--->public_html
/---/---/--->application
/---/---/---/--->all application files
/---/---/--->public
/---/---/---/-->all public files
Basically just putting everything within the doc root, forbidding access to the application directory, and routing all requests to the public folder, so that we can get the same security of having files above the doc root, but making it simpler for those that may not want this type of set up for their shared hosts.
I was thinking of using an include inside public_html/index.php that would include public_html/public/index.php but I can't seem to get that to work.
Any help would be appreciated.
As I understand it you want to have home/username/public_html as the real Apache Document Root, deny access from the /application directory and, ideally, route all web requests into the /public sub-directory instead (presumably for users not on dedicated servers who can't install outside of the docroot) ... If I've misunderstood the question let me know and I'll update/remove the answer ;)
You should be able to achieve this with an .htaccess file in /home/username/public_html like:
RewriteEngine on
# deny access to the application directory
RewriteRule ^application/? - [F]
# route all requests to the public directory that aren't already there
RewriteRule ^(?!public/)(.*)$ /public/$1 [L,QSA]
Any attempts to access the /application directory will result in a 403 error and all requests to http://www.myserver.tld/file.ext will be routed to http://www.myserver.tld/public/file.ext.
Caveat: To prevent recursive loops of the redirect, the rewrite rule will not redirect any URL path that already begins with /public ... this means that any file under /public will be accessible on both the http://www.mysite.tld/filename.ext and http://www.mysite.tld/public/filename.ext - which may upset search engines.
To be extra safe you could also add an .htaccess file to the /application directory like:
Deny from all
Use this.
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteRule ^$ public_html/ [L]
RewriteRule (.*) public_html/$1 [L]
</IfModule>
Are you using any framework in your app?
Have you a sample of code we could access to understand your problem?
Basically, you just need an .htaccess in your public_html folder that redirects the request to the public folder and disables access to any directory other than public.
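
A version-portable form of the two files discussed in the answers above, as an added example that is not code from any of the posts: the deny inside /application is done by authorization, so it does not depend on mod_rewrite being active, and it covers both the Apache 2.2 and 2.4 syntaxes an application distributed to many shared hosts may meet. The file locations are assumed from the question's layout, and neither file has any effect where the host sets AllowOverride None.

```apache
# ---- public_html/application/.htaccess (assumed location) ----
# Deny by authorization rather than by rewrite, so the block still
# holds on hosts where the rewrite rules in the parent are not applied.
<IfModule mod_authz_core.c>
    # Apache 2.4 and later
    Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
    # Apache 2.2
    Order deny,allow
    Deny from all
</IfModule>

# ---- public_html/.htaccess (assumed location) ----
RewriteEngine on
# Forbid "application" and anything below it. The (/|$) boundary keeps
# the rule from also matching names that merely start with that word.
RewriteRule ^application(/|$) - [F]
# Route every other request into public/ unless it is already there.
RewriteRule ^(?!public/)(.*)$ /public/$1 [L,QSA]
```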

.htaccess redirect to URL when match on certain file

Under my root web directory, I have these two files:
aboutus.php
about-us.php
Now going to this URL http://local.com/about-us.php will render the file about-us.php. If I will do the inverse, how can I dictate the .htaccess that whenever the URL above is accessed, the aboutus.php will be rendered?
If you have access to the whole server config, the most efficient way to do this is to use mod_alias. Unfortunately this needs to be done in VirtualHost config - which is only accessible if you got root access to that server.
Alias /about-us.php /full/local/path/to/aboutus.php
If you cannot edit the VirtualHost config, use mod_rewrite (needs more server resources though, as every request has to be matched to those rules):
RewriteEngine On
RewriteRule ^about-us\.php$ aboutus.php [L]
Should do the trick.

change security permission in a website

I have a website that is working properly. I don't know why, but when I go to "Domain-name.com/images" it shows me all the images in the images folder present on my site. I don't know why this is. Maybe this is due to the directory permissions? But I want to know the actual reason behind it.
Help will be appreciated.
Note: I am tagging PHP and HTML because these people might have faced this thing while creating a website.
This is because there is no index file in the folder, and Apache (assuming Apache) is set to do directory indexes.
Either create an empty index.html or add the following in either apache2.conf (or httpd.conf) or in a htaccess file:
Options -Indexes
You can restrict the folders using .htaccess.
Create a .htaccess file in your website root folder and add the following code in it.
RewriteEngine on
RewriteCond $1 !^(css|js|images)
RewriteRule ^(.*)$ index.php/$1 [L]
This is a problem with the configuration of your web server which allows directory listing for your image folder. E.g. on Apache, the most common server software, you would switch it off in the httpd.conf with the directive Options -Indexes in a directory section.
To answer your question: yes. If it's a web accessible directory meaning it resides in the typical webroot folder such as public_html, www, etc and the permissions on the folder are open then anyone can see the contents.
