We proxy images as licensed content and need to add max-age headers to the proxied images. Attempted modifying .htaccess, but it didn't work and suspect this is due to the proxied image folder not being an actual directory on the server.
First, the proxy is set up in apache2.conf:
# Image Proxy
ProxyPass /photo http://photo.licensor.com
ProxyPassReverse /photo http://photo.licensor.com
Made several attempts to modify .htaccess under the site's public_html directory. It appears that the condition to modify the max-age header for proxied images is never recognized by Apache since /photo is not a real directory.
I'd really like to target ONLY the proxied images using the /photo directory that isn't real.
You can't use a <location> container in an htaccess file. It's probably best to put this in your apache server config file next to your ProxyPass settings:
<LocationMatch "/photo">
# Image Proxy
ProxyPass http://photo.licensor.com
ProxyPassReverse http://photo.licensor.com
Header unset Etag
Header set Cache-Control "max-age=86400, public"
Header unset Expires
</LocationMatch>
Related
How can I set X-Frame-Options in my PHP code so that it will be there in all the web pages from my server. Basically, I am trying to avoid iframe loading of my web app.
Use below in your php file which outputs response to client side.
header("X-Frame-Options: DENY");
DENY will fully block. You may try SAMEORIGIN option also.
header("X-Frame-Options: SAMEORIGIN");
If you are using apache web server, you can directly set in httpd.conf also.
<Directory />
...
Header always set X-Frame-Options "SAMEORIGIN"
</Directory>
The X-Frame-Options prevents your site content embedded into other sites. Browser allowed other sites to open web page in iframe. It also secure your Apache web server from clickjacking attack.
There are three options available to set with X-Frame-Options:
‘SAMEORIGIN’ – With this setting, you can embed pages on same origin. For example, add iframe of a page to site itself.
‘ALLOW-FROM uri – Use this setting to allow specific origin (website/domain) to embed pages of your site in iframe.
‘DENY – This will not allow any website to embed your site pages in an iframe.
We have two way to Setup X-Frame-Options
1. with Apache Configuration
2. with .htaccess
with Apache configuration:
Debian based systems: /etc/apache2/conf-enabled/security.conf
Redhat based systems: /etc/httpd/conf/httpd.conf
Header set X-Frame-Options: "SAMEORIGIN" #Allow for Same Origin (Default Action)
Header set X-Frame-Options: "ALLOW-FROM http://example.com/" #Allow from specific origin
Header set X-Frame-Options: "DENY" #Deny to everyone
with .htaccess
Header append X-Frame-Options: "SAMEORIGIN"
I have xsendfile module working and files are being served using X-Sendfile header. But somehow files from any folder gets served.
How do I rectrict it so that I can use X-sendfile headers only for specific folders?
I have tried setting XSendFilePath, even then files outside that folder also get sent if I use X-Sendfile header.
This is what I have in my virtualhost section
XSendFile on
XSendFilePath /home/domain/public_html/files
If I use php to send files from /home/domain/public_html/abc using X-Sendfile. It gets sent without any problem. I do not want this. I only want X-Sendfile to work for files within /home/domain/public_html/files.
Try with the XSendFilePath directive
XSendFilePath allow you to add additional paths to some kind of white list. All files within these paths are allowed to get served through mod_xsendfile.
It is imporant the the XSendFilePath directive is in a apache config file context that is relevant to the url you are using, e.g. not within a virtual host section which is not interpreted due your actual virtual host (in your url).
probably and in most configurations, XSendFilePath is used in the main section of apache config file, not in a specific context like virtual host, dolmain, etc.
does this help?
XSendFilePath /tmp
<VirtualHost *>
ServerName www.someserver.com
XSendFilePath /home/userxyz
</VirtualHost>
(first occurance of XSendFilePath -> works globally, second occurance does only work if your php script producting the XSendFile header is called from within domain www.someserver.com)
I have a bunch of subdomains in one single server:
a.example.com
b.example.com
news.example.com
All of them are in the same Apache virtualhost.
I need to use a feed provided by the news subdomain inside the a and b subdomain. The feeds typically look like this:
news.example.com/news/a
news.example.com/news/b
On the a and b subdomains, I'm using jquery's ajax function to load the data from the news feeds, and present it on a and b. This initially didn't work, because of the same-origin policy.
I was able to override this by adding the Access-Control-Allow-Origin "*" to my Apache config file.
... but this works only in Firefox, Chrome and Safari. Internet explorer seems to ignore that directive.
Thus, I need to create a proxy.
What I need is a new directory in all my subcomains (for example /proxy) that Apache detects, and redirects to news.example.com, no matter what the subdomain. So:
a.example.com/proxy/news/a -> return the contents of news.example.com/news/a
b.example.com/proxy/news/b -> return the contents of news.example.com/news/b
Can I do this directly in Apache + submodules (for example, mod_rewrite), or do I need to use a scripting language like PHP for doing this?
You want the ProxyPass Directive.
ProxyPass /proxy/news/a http://news.example.com/news/a
At the end we were able to make the proxy using a combination of two modules: mod_rewrite and mod_proxy.
The syntax was the following:
rewriteEngine on
rewriteRule proxy/(.+)$ http://news.example.com/$1 [P]
The [P] at the end is telling the rule "act as a proxy" and doesn't work without mod_proxy. Without it, apache makes a "redirect" (the url at the top of the page changes) instead of "just serving the page".
Apache can be configured to use apache:
consider this working sample code (proxy part):
<VirtualHost *:80>
ServerAdmin webmaster#localhost
ServerName ci.testserver.com
ServerAlias ci
ProxyRequests Off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPreserveHost on
ProxyPass / http://localhost:8080/
</VirtualHost>
How do I tell my local server to interpret all relative paths, that start with a /uploads/, from a remote server (the production server)?
The uploads folder is out of version control and I don't have it in my local server (the testing server).
You can use the mod_proxy module of apache.
ProxyRequests Off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPass /uploads http://live.domain.com/uploads
ProxyPassReverse /uploads http://live.domain.com/uploads
The ProxyRequests Off disables forward proxy so your machine can't be used as a proxy server.
The <Proxy *>...</Proxy> sets the access rights to your (Reverse-)Proxy; 'all' in this case.
And finaly the ProxyPass and ProxyPassReverse define that every request to '/uploads' should be passed on to 'http://live.domain.com/uploads' (->ProxyPass) and every response from 'http://live.domain.com/uploads' should be treated as it would be from '/uploads' (->ProxyPassReverse).
Is it possible to save a cookie on a user computer when he loads an image from my server?
So let's say my image url is: http://www.site.com/image.jpg
If he loads just that jpg, can I save a cookie on his machine?
Thanks,
You will have to serve the image through a PHP script if you want to use PHP for this. This may be done by rewriting the request to go to a PHP file, and then use readfile in that script.
Another solution is to set the cookie directly in your web server. How you do that depends on the web server you are using. This is how you do it in Nginx:
location /image.jpg {
add_header Set-Cookie "cookiename=value";
}
And for Apache:
<FilesMatch "^image\.jpg$">
Header set Set-Cookie: "cookiename=value"
</FilesMatch>
If you are using Apache 2.0.40 (or later) then you can try adding the following code in .htaccess file:
RewriteEngine On
RewriteBase /
RewriteRule ^image\.jpg$ - [co=YourCookieName:YourCookieValue:YourCookieDomain]
More info here