I have a .htaccess file with the following contents:
<IfModule mod_rewrite.c>
RewriteEngine on
SetEnv HTTP_MOD_REWRITE on
RewriteBase /wsproject/
Options All -Indexes
DirectoryIndex index.php
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-l
RewriteRule ^(.+)$ index.php?url=$1 [QSA,L]
</IfModule>
I want to hide everything from the users: the directory structure and private files, while enable public files: *.js, *.html, *.css, *.swf, *.jpg and other stuff. I want .php files to be accessible only from the file system, except only the index.php in the root dir.
I only want to serve request via HTTP which are written with an (abstract) MVC URL pattern like: www.domain.com/lang/controller_name/action_name/arg1/arg2/././argn, which are being rewritten by .htaccess, and public *.html, *.js ...etc files.
While Options All -Indexes hides file listing, it will not prevent an undesirable request e.g.: www.domain.com/library/Bootstrap.php from being served.
Whereas deleting/commenting out RewriteCond %{REQUEST_FILENAME} !-f would solve this, but in this case none of my public .html, .css, .js ...etc files would be served.
I tried to apply Deny from all for each php files except the index.php but I always get an 500-internal server error message. Im doing this on localhost, on windows.
Any ideas?
Instead of stating that all but existing files should be directed to index.php, you can say that everything except *.js, *.html, *.css, *.swf, *.jpg should be directed to index.php.
This isn't exactly the same as denying, since you don't give a Forbidden response. Though in this case you don't give out any information about which files exist or not, so I'd argue that it's a better solution.
<IfModule mod_rewrite.c>
RewriteEngine on
SetEnv HTTP_MOD_REWRITE on
RewriteBase /wsproject/
Options All -Indexes
DirectoryIndex index.php
RewriteRule \.(js|html|css|swf|jpg)(\?|$) - [QSA,L]
RewriteRule ^index.php(\?|$) - [QSA,L]
RewriteRule ^(.+)$ index.php?url=$1 [QSA,L]
</IfModule>
Note that rewriting to -, means no rewriting is done at all.
Rather than (or maybe as well as...) editing your .htaccess file, I'd suggest using the chmod command to modify the read/write/executability values of your files.
A relatively succinct and sensible explanation of what chmod is/does can be found in the accepted answer here, but generally the simplest way is to chmod 644 your files and chmod 755 your folders.
Related
I did some research and spent my last 2 days trying to make my .htaccess work without success, and I can't fully understand how .htaccess really work.
This is the URL I'm trying to rewrite, using GET in my .php files:
http://localhost/BDsite/tables/table.php?table=Energy
and I want it to be like this:
http://localhost/BDsite/tables/Energy
Well, this is how my .htaccess is written, and its located inside the site folder, which is /BDsite
<IfModule mod_rewrite.c>
Options +FollowSymLinks
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^BDsite/tables/([^/]*)$ /BDsite/tables/table.php?table=$1 [L]
</IfModule>
Sadly nothing is happening with my URL.
As opposed to per-server rewrites, it is possible to do rewriting inside sections or .htaccess files at the expense of some additional complexity. This technique is called per-directory rewrites.
The main difference with per-server rewrites is that the path prefix of the directory containing the .htaccess file is stripped before matching in the RewriteRule.
A RewriteBase should be used to assure the request is properly mapped.
(source: apache.org - rewrite intro .htaccess files)
So, using your directory structure, and adding the necessary RewriteBase you'd get the following that should work:
.htaccess file in root folder (BDsite)
<IfModule mod_rewrite.c>
Options +FollowSymLinks
RewriteEngine On
RewriteBase /BDsite/
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^tables/([^/]*)$ tables/table.php?table=$1 [L]
</IfModule>
Project structure:
So now if you request: localhost/BDsite/tables/energy,
you'll get served localhost/BDsite/tables/table.php?table=energy
(check this by var_dump-ing $_GET in file table.php)
I had some problems with excluding a folder from the index block in the .htaccess file in my site's root folder.
After messing around a bit, I found a solution:
<IfModule mod_rewrite.c>
RewriteEngine on
</IfModule>
I wrote this in an new .htaccess file in the folder that I wanted to be excluded. This solved my problem (unblocking that specific folder while keeping the subfolders blocked) which is great and all but as far as I know, this piece of code shouldn't do anything. How could this possibly work?
Additional information:
- the excluded folder contains a Nibbleblog installation
- root .htaccess file:
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^([^\.]+)$ $1.html [NC,L]
RewriteCond %{HTTPS} !^on$
RewriteRule (.*) https://url.url/$1 [R,L]
RewriteCond %{HTTP_HOST} ^www\.nyxcode\.xyz [NC]
RewriteRule (.*) https://url.url/$1 [R=301,L]
ErrorDocument 404 /errors/notfound.html
ErrorDocument 403 /errors/forbid.html
Options -Indexes
By adding RewriteEngine on to a .htaccess file in a subfolder, you've told Apache that the parent folder's .htaccess doesn't control rewriting in the subfolder. This is because Apache checks the folder that matches the URL first, and only then looks in the parent folder.
If you have this:
/
.htaccess
/subfolder1
.htaccess
/subfolder2
# no .htaccess file here
Then files in / and /subfolder2 are subject to the RewriteRules in /.htaccess. But /subfolder1 is subject only to its own .htaccess file, to the extent that it applies. Without RewriteEngine on, you haven't told Apache that the /subfolder1/.htaccess applies for rewriting purposes. With RewriteEngine on, you're saying, "Use this .htaccess for rewriting," even if there are no rules there.
In the past, I have got this working no problems at all, but for some reason on my new server I just can't get it to work.
I have the following .htaccess file in the root of my application
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php/$1 [L]
I have also enabled mod_rewrite and have confirmed this with php_info()
my site is located at /var/www/html/test
Is it possible that although mod_rewrite is enabled that it is not working and if so, how can I test it?
On some server implementations, you'll need to wrap it within <IfModule> tags.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php [QSA,L]
</IfModule>
Also check your httpd.conf file to ensure it has:
Options FollowSymLinks
AllowOverride All
It'd also be worth checking to makesure the .htaccess file isn't being overridden by another .htaccess file.
A simple way to test if .htaccess is working
Simply put the following in your .htaccess file:
deny from All
What this does is deny access to your site from everyone. If you are presented with a 403 forbidden when trying to access the site - the .htaccess file is being included. If not - see above.
I use this on my codeigniter setup
RewriteEngine on
# prevent these directories from hitting CI
RewriteCond $1 !^(index\.php|images|assets|robots\.txt|crossdomain\.xml)
# route everything else to the index.php
RewriteRule ^/(.*)$ /index.php/$1 [QSA]
(my setup is done in the virtualhost of .conf and not in .htaccess, though they are usually about the same configuration)
For some reason when I deploy my API using Restler's API Explorer (a fork of Swagger UI) to production it gives me a general 404 error when I load:
/api/explorer
When I am more explicit and state:
/api/explorer/index.html
It loads the framing for the page but then reports "404 : Not Found ../resources.json" in red text below the header:
I'm fairly certain there's something environmental flaring up as the same files locally work. I also checked the .htaccess file in the /api/explorer directory and it looks right to me:
DirectoryIndex index.php
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule ^$ index.html [QSA,L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.html [QSA,L]
</IfModule>
Any help would be appreciated.
It turns out all the problems were down to a mod_rewrite problem. I'm still not 100% on WHY this problem showed up in one environment but not others with precisely the same httpd.conf and .htaccess. Oh well, the solution is to be explicit in the rewrite rule about your base url using the RewriteBase directive.
In the API directory I now have the following .htaccess file:
DirectoryIndex index.php
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /api
RewriteRule ^$ index.php [QSA,L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php [QSA,L]
</IfModule>
In the API-Explorer directory I now have the following .htaccess:
DirectoryIndex index.php
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /api/explorer
RewriteRule ^$ index.html [QSA,L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.html [QSA,L]
</IfModule>
In order to troubleshoot this problem one invaluable tip that I came across is turning on Apache's mod_rewrite logging.
# Adding logging for Rewrites
RewriteLog logs/rewrite.log
RewriteLogLevel 2
Put this in any globally scoped area of httpd.conf; I put it around the entries that were already there about logging but you can also just put it at the end if you like that better. In addition, the basics around rewrite troubleshooting includes (apologies if this basic):
make sure that your httpd.conf has AllowOverride All and Options FollowSymLinks set for the directories you serving Restler out of.
You can put all of the configuration into httpd.conf and avoid .htaccess files altogether (and it's a bit faster that way too) but if you do that remember that httpd.conf has absolute url referencing versus .htaccess's relative.
You can check the ReadMe file on the Restler Github page
https://github.com/Luracast/Restler-API-Explorer#readme
Did you add the 'Luracast\Restler\Resources' class to create resources.json at API Root?
In your own index.php, the addAPIClass section should look like this:
$r = new Restler();
$r->addAPIClass('Luracast\\Restler\\Resources'); //this creates resources.json at API Root
// ... your own addApiClass
$r->handle();
It is in the documentation under "Use", but I had trouble figuring this out as well...
Make sure you have cache directory with write permission in your api root
I am trying to setup and learn the Fat Free Framework for PHP.
http://fatfree.sourceforge.net/
It's is fairly simple to setup and I am running it on my machine using MAMP.
I was able to get the 'hello world' example running just fin:
require_once 'path/to/F3.php';
F3::route('GET /','home');
function home() {
echo 'Hello, world!';
}
F3::run();
But when I try to add in the second part, which has two routes:
require_once 'F3/F3.php';
F3::route('GET /','home');
function home() {
echo 'Hello, world!';
}
F3::route('GET /about','about');
function about()
{
echo 'About Us.';
}
F3::run();
I get a 404 error if I try the second URL: /about
Not sure why one of the mod_rewrite commands would be working and not the other.
Below is my .htaccess file:
# Enable rewrite engine and route requests to framework
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-l
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule .* index.php [L,QSA]
# Disable ETags
Header Unset ETag
FileETag none
# Default expires header if none specified (stay in browser cache for 7 days)
<IfModule mod_expires.c>
ExpiresActive On
ExpiresDefault A604800
</IfModule>
So my friend actually helped me out with this issue. I ran into the exact same problem, but basically I'm using MAMP also and have all my Fat Free files within a fatfree dir within htdocs of MAMP.
The solution is you need to mod the RewriteBase to point to /[dirname]/ instead of just / and then change RewriteRule to /[dirname]/index.php.
My .htaccess looks like this:
RewriteEngine On
RewriteBase /fatfree/
RewriteCond %{REQUEST_FILENAME} !-l
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule .* /fatfree/index.php [L,QSA]
After that's set, you can follow the example in the Fat Free doc exactly and it'll work like a charm. This stumped me for a while and this was all it needed. Also, if you're using MAMP, edit the httpd.conf file in /Applications/MAMP/conf/apache and be sure to alter the following:
<Directory />
Options Indexes FollowSymLinks
AllowOverride None
</Directory>
to
<Directory />
Options Indexes FollowSymLinks
AllowOverride All
</Directory>
Basically change None to All.
If you're running F3 under a subfolder, you must change the RewriteBase in .htaccess to match the folder.
In your .htaccess you have 'index.php' it needs a slash ... '/index.php'
# Enable rewrite engine and route requests to framework
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-l
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule .* /index.php [L,QSA]
otherwise when it tries to rewrite /about/ it will look for /about/index.php instead of just the root /index.php
I just had another thought.. it 'is' possible that althought mod_rewrite is intalled there may be a quirk with the server causing it not to rewrite..
If the global route below doesnt work you might want to test the rewrite
RewriteRule ^/google http://www.google.com [L,NC];
You could also try a global route for the directory
F3::route('GET /about/*','about');
but that means anythin under domain.com/about/ ...... anything ... will reroute to the about function...
A note about mod_rewrite and FF
As you said, FF is givikng you a 404 because it is expecting '/' instead of '/index.php'... However, it is the index.php which is expecting the difference..
To demonstrate that, i believe you can duplicate your
F3::route('GET /','home');
as
F3::route('GET /index.php','home');
and the page should display...
The reason for this is if you just go to the / directory (or /index.php) eitehr way apache servesx the index.php page....
The mod_rewrite allows you to redirect the /about and have it redirect to the index.php.. So if your rewrite rule is not working then the redirect/rewrite does not happen and you will get a 404...
As i mentioned above, test the mod_rewrite with the google rule.. then try to go to http://localhost:80/google
if it does not redirect you to google then your rewrite engine is not working... (probably an issue with the windows configuration..)
to enable mod_rewrite under windows:
Open your http.conf
Find this line:
#LoadModule rewrite_module modules/mod_rewrite.so
remove the comment mark (#) from the line... so you have:
LoadModule rewrite_module modules/mod_rewrite.so
Save the file and restart apache..
Alternatly.. I think you can just say:
LoadModule rewrite_module modules/mod_rewrite.so
at the start of your htaccess file...
I banged my head on this for 2 days. I debugged htaccess and php both. The actual problem is this :
If you copied the .htaccess file from their fatfree-1.4.4 zip download, its not .htaccess its htaccess (. is missing) Just rename this file to .htaccess from htaccess and everything will work perfectly as its mentioned in the document !!!
I am using this .htaccess works for non-root folders too
Options -Indexes
IndexIgnore *
RewriteEngine On
RewriteCond $1 !^(index\.php|images|main\.css|form\.css|favicon\.ico|robots\.txt|sitemap\.xml)
RewriteRule ^(.*)$ index.php/$1 [L,QSA]
Note: If you want to call your .htaccess file something else, you can change the name of the file using the AccessFileName directive. For example, if you would rather call the file .config then you can put the following in your server configuration file:
AccessFileName .config
here
This response may be too late for you but I had the same problem yesterday.
It sounds like the problem is apache is not rewriting urls. I had the same issue when trying to get F3 running on OSX 10.7 - the 'GET /' route would work but not the 'GET /foo' as the F3 index.php was in a subdir for localhost/F3. My solution was to:
ensure the .htaccess was set as you have.
ensure mod_rewrite.so was enabled in apache's httpd.conf
ensure that you set AllowOverride All (mine was None) for your web directory in httpd.conf (further down the file).
restart apache
Without step 3, apache will ignore any rewrite directives. I discovered this by changing the permalinks on a local wordpress install and they failed indicating the problem was the apache config, not F3.
I'm running this with a MAMP stack.
I renamed their folder from "fatfree-master" to "f3".
I put that folder next to htdocs.
Their .htaccess file (now inside MAMP/f3/lib) remains untouched.
My .htaccess (in my web subfolder) is stock standard as per their example:
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-l
RewriteRule .* index.php [L,QSA]
Hope this helps someone.
I had the same issue and i solved it by moving the .htaccess file to the root directory of the fatfree project.
create a file .htaccess with folowing code at root directory
# Enable rewrite engine and route requests to framework
RewriteEngine On
# Some servers require you to specify the `RewriteBase` directive
# In such cases, it should be the path (relative to the document root)
# containing this .htaccess file
#
# RewriteBase /
RewriteCond %{REQUEST_URI} \.ini$
RewriteRule \.ini$ - [R=404]
RewriteCond %{REQUEST_FILENAME} !-l
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule .* index.php [L,QSA]
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]