My header.php contains header information for all my pages, but for the error404.php page needs the nofollow meta data meta name='robots' content='noindex, nofollow.
I tried this in header.php
<?php if($page_id = 'error404') { echo "<meta name='robots' content='noindex, nofollow'>"; } return false; ?>
/*error404.php*/
define("PAGE", "Error404"); $page_id ='error404';
But I can't seem to get it to work. This code currently kills all the css on the index.php file.
I'm using .htaccess for handing error 404s.
.htaccess
# Send user to error404.php
ErrorDocument 404 /error404.php
Any help would be appreciated.
Just call
header("HTTP/1.0 404 Not Found");
before any output (echo, print, ...). You can still have custom error page, but there will be no indexing.
Related
I have a multi language site
I want :
exemple.be/nl/
to redirect to
exemple.be/nl/start_nl.php
and
exemple.be/fr/
to redirect to
exemple.be/fr/start_fr.php
Can I do this, possibly with .htaccess?
I tried this, to no avail:
301 /nl/ https://exemple.be/nl/start_nl.php
There is a function called setlocale in php that be of use for making it so that it goes to a specific site with header("Location: start_nl.php");
http://php.net/manual/en/function.setlocale.php
But otherwise you can make so so the index.php goes to the specific site with header("Location: start_fr.php");
Just put in on the top, under the opening tag for php:
<?php
header("Location: start_fr.php");
?>
It can also be done with html.
<meta http-equiv="refresh" content="2; URL=start_fr.php">
I found the answer on another site
In the .htaccess file, I wrote :
RewriteEngine On
RewriteRule ^nl/?$ https://exemple.be/nl/nl-start.php
RewriteEngine On
RewriteRule ^fr/?$ https://exemple.be/fr/fr-start.php
I am learning PHP and Apache configurations, i am using XAMPP Version: 5.6.19. I have a page named default.php, this page will load a header, a footer and a content subpage between them, this content subpage will be saved on a folder named "content". So to load the site showing the content subpage i would write:
localhost/misite/default.php?page=subpage
to do so i have coded the default.php the following way:
<!--INCLUDE HEADER-->
<?php include 'includes/header.php';?>
<!--LOAD CONTET-->
<?php
/*if page is not set, redirect to index*/
if(!isset($_GET['page']) || strlen($_GET['page']) == 0)
{
header("Location: index.php");
die();
}
/*if page is set*/
else
{
/*search page on contet directory*/
$page = 'content/'.$_GET['page'].'.php';
/*if page not found on content directory, redirect to index*/
if(!glob($page))
{
header("Location: index.php");
die();
}
/*if page is found, load as subpage*/
else
{
?>
<main class = "<?php echo basename($page, '.php'); ?>">
<?php include $page;?>
</main>
<?php
}
}
?>
<!--INCLUDE FOOTER-->
<?php include 'includes/footer.php';?>
I coded it this way in order to only allow load of php files of content folder and most important to prevent access from there to another folder by doing the ../ trick, so if someone try that the result would be:
default?page=../.php
and that will produce a redirect to index page instead.
The problem emerged when i tried to have the same functionality with SEF URL's. I coded the following on the .htaccess:
RewriteEngine On
RewriteBase /misite/
RewriteRule ^([a-zA-Z0-9-]*)$ default.php?page=$1
So i could be able to write
localhost/misite/subpage
So i was expecting the same result as the parameter $1 would be now the value for the "page" parameter on default.php and expected that everything else would be exaclty the same, so i didn't expect to be able to access another folder. But when i tried the following:
localhost/../
As result i got to the dashboard page (localhost/dashboard/) which is a page located outside of mi site folder, and if i try
localhost/..img/ i can access the img folder and so on. It looks like it is not even executing my default.php conditional validations.
I am worried if this could be a security issue and worried if i could get hacked by this. And i don't know why this happens. In case this is a security issue, how can i fix it?
The security risk is with this line:
$page = 'content/'.$_GET['page'].'.php';
Without checking, you're allowing any input to search your disk with the subsequent call to glob. Relative paths will be evaluated, letting the user reference any PHP file on your server.
If all of your PHP files are within 'content' and not in deeper directories, one solution is
// Check "page" only contains letters, numbers, underscore
if (!preg_match('/^\w+$/', $_GET['page'])) {
header("HTTP/1.0 404 Not Found");
exit();
}
$page = 'content/'.$_GET['page'].'.php';
Then you can be confident the path in $page is only referencing a PHP file in your content directory.
Currently, about half of our webpages derive from our HTML_page.php.
I want to add a <div class="Error404"> tag, 404 div, there to display 404 error information.
If a non-HTML_page.php webpages triggers a 404 error, I cannot display an error message using my 404 div.
UPDATE: A non-HTML_page.php would be any of our older, legacy pages that do not yet inherit from our "HTML_page.php" base class and all external websites that link to items on our domain that may not exist.
So, the default structure still needs the 404 routed to our 404.php page, but modify the routing if I can detect that the webpage contains my 404 div.
Here is how our .htaccess page starts out now:
# Custom 404 page
ErrorDocument 404 /eForms/404Form.php
#
# Turn on rewrite engine
RewriteEngine on
#
# Rewrite rule for document secuity
RewriteRule ^(.+)\.pdf$ /docgateway.php?source=$1.pdf [L,NC,QSA]
This snippet of jQuery's hasClass illustrates the logic I want:
if ($("div").hasClass("Error404")) {
Is there any way to build that type of logic into the .htaccess file for the ErrorDocument?
I have a website with PHP and htaccess support.
Basically, I want to pass the URL entered by the user (that caused the 404) to the 404 page itself.
Is there any way to do this?
Add following rule in your .htaccess file.
ErrorDocument 404 /error.php
In the error.php file.
<?php // error.php
echo $_SERVER["REQUEST_URI"]. " doesn't exists. Sorry!";
?>
Just add the following in your .htaccess file (where 404.php is your error page)
ErrorDocument 404 /404.php
You can do it by adding the following rule in .htaccess.
ErrorDocument 404 /404.php
In your 404.php you can write
<h3>
Page Not Found.
</h3>
<div>
<p>Apologies, but the page you requested could not be found.</p>
<ul>
<li>You may have mistyped the page address.</li>
<li>You may have clicked on a link that has not been updated.</li>
<li>We have recently changed our site structure and the page has been moved to new location.</li>
</ul>
</div>
You can style this to display it properly.
Hope this helps :)
My present htaccess file contains mod_rewrite rules to perform this:
www.mysite.com/articles/jkr/harrypotter --> www.mysite.com/index.php?p=articles&author=jkr&book=harrypotter
www.mysite.com/articles/jkr --> www.mysite.com/index.php?p=articles&author=jkr
www.mysite.com/articles --> www.mysite.com/index.php?p=articles
In my root directory, I have some PHP files like: index.php, pre.php, view.php, etc.
What I want: block direct access to php files.
Eg:
www.mysite.com/index.php --> "404 - Page Not Found" or "File not exist"
www.mysite.com/view.php --> "404 - Page Not Found" or "File not exist"
I have tried a code that I found on searching. It uses "f" flag. But i did not understand it. When I used it do not show the home page also. So, I removed everything that I was testing. My htaccess file now contains three rules only(to accept page, author, book).
Please help.
I saw another question that was previous asked in here : mod_rewrite error 404 if .php
A change that I made to it is, added [NC] flag. Otherwise, if we put the uppercase letter in extension(say, "index.PHP") it will load.
So,
SOLUTION:
RewriteCond %{THE_REQUEST} \.php[\ /?].*HTTP/ [NC]
RewriteRule ^.*$ - [R=404,L]
thank you
Create a simple 404.php that throws a 404 error, then rewrite index.php to 404.php etc.
You can also do this at your script level. If you add a rule within your index.php to check whether you have been passed GET variables or just called the page without any parameters like so:
<?
if(empty($_GET))
header('Location: http://www.yoursite.com/404.php');
else
//your usual script
?>
Then you have control to either redirect people to a 404 error or show something more helpful, like a landing page with an index or some form of website navigation.