I am trying to restrict access to all files in my home directory, then to allow only one main php file from a subdirectory using one .htaccess file, but it does not work as expected. It shows only "Forbidden" for every request. How to make it work as expected?
Now I am using :
order allow,deny
RewriteEngine On
RewriteCond %{REQUEST_URI} ^/$ [OR]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule .* /path_to_file/index.php [QSA]
You can just forward all requests to that particular file. Put this in your root .htaccess:
RewriteEngine On
RewriteCond %{REQUEST_URI} !/subdir/file\.php$ [NC]
RewriteRule ^ /subdir/file.php [QSA]
Related
I'm failing in edit a .htaccess file.
I created a complete website in a php slim framework (let's call it website S).
My client have a wordpress website (let's call it website W) that will have links toward my website S.
I copied all the files of my website S inside a directory of the root directory of the website W.
My idea is to change the follow htaccess (created by wordpress) to allow public access to the directory without creating any problem to move inside website S.
First .htaccess
RewriteEngine On
RewriteCond %{ENV:HTTPS} !on [NC]
RewriteCond %{QUERY_STRING} !wc-api [NC]
RewriteCond %{HTTP_HOST} ^website.pe$ [OR]
RewriteCond %{HTTP_HOST} ^www.website.pe
RewriteRule ^(.*)$ https://website.pe/$1 [R=301,L,NE]
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
Then, I guess I could use inside the directory where the website S would be, the typical htaccess that works properly for it.
Edited I added the structure of the website S. The index.php is inside a public directory there.
Second .htaccess
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_URI}::$1 ^(/.+)/(.*)::\2$
RewriteRule ^(.*) - [E=BASE:%1]
RewriteBase /
#RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [QSA,L]
</IfModule>
I try different ways but, or get the message
"Forbidden You don't have permission to access this resource."
Or get inside but the website W stop working.
Any suggestions? Thanks in advance.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_URI}::$1 ^(/.+)/(.*)::\2$
RewriteRule ^(.*) - [E=BASE:%1]
RewriteBase /
#RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [QSA,L]
</IfModule>
In the config you've posted you would just need to remove the RewriteBase / directive from the second .htaccess file in the "slim" subdirectory. This is causing requests to your slim website to be routed back through the WordPress site in the document root (which would presumably result in a 404).
My idea is to change the follow htaccess (created by wordpress) to allow public access to the directory without creating any problem to move inside website S
You shouldn't need to touch the WordPress .htaccess file in the document root. This already allows you to access website S.
By default, the .htaccess file (or rather, the mod_rewrite directives) in the slim subdirectory is going to completely override the WordPress .htaccess file in the root.
Consequently, you'll need to repeat the HTTP to HTTPS redirect in the slim subdirectory (with a difference*1), before the existing directives. Presumably, the intention is to also redirect www to non-www? Although your current redirect (in the root .htaccess file) is not doing this properly.
For example, at the top of your second .htaccess file in the slim directory add the following:
# Redirect HTTP to HTTPS and www to non-www
RewriteCond %{ENV:HTTPS} !on [NC,OR]
RewriteCond %{HTTP_HOST} ^www\. [NC]
RewriteCond %{HTTP_HOST} ^(?:www\.)?(website\.pe) [NC]
RewriteRule ^ https://%1%{REQUEST_URI} [R=301,L]
*1 Note the use of the REQUEST_URI variable instead of the $1 backreference as used in the root .htaccess file. This is necessary when used in the subdirectory, otherwise, the subdirectory will be omitted from the redirected URL.
NB: Test first with a 302 (temporary) redirect to avoid caching issues.
UPDATE:
But I can't make the website S to run because inside the website S directory exist a public subdirectory with the index.php, arranged like this:
website.pe/ (website W wordpress)
-slimdirectory/ (website S slim)
--vendor/
--public/
---css/
---fonts/
---images/
---js/
---index.php
--bootstrap/
---app.php
--etc..
This is a rather important bit of information missing from your initial question. I assume that the public subdirectory is not part of the visible URL, in which case your second .htaccess file in the slim subdirectory (the parent directory of public) should be something like this instead:
# /slimdirectory/.htaccess
RewriteEngine On
# Redirect HTTP to HTTPS and www to non-www
RewriteCond %{ENV:HTTPS} !on [NC,OR]
RewriteCond %{HTTP_HOST} ^www\. [NC]
RewriteCond %{HTTP_HOST} ^(?:www\.)?(website\.pe) [NC]
RewriteRule ^ https://%1%{REQUEST_URI} [R=301,L]
# Calculate base directory
RewriteCond %{REQUEST_URI}::$1 ^(/.+)/(.*)::\2$
RewriteRule (.*) - [E=BASE:%1]
# Slim front-controller
RewriteRule ^public/index\.php - [L]
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule . public/index.php [L]
RewriteRule ^$ public/index.php [L]
The QSA flag is not required.
You do not need the <IfModule> wrapper.
Yes MrWhite, I delete in the second .htaccess the RewriteBase / and now I can access a simple index.html in the directory where the slim website is that I used for testing.
But I can't make the website S to run because inside the website S directory exist a public subdirectory with the index.php, arranged like this:
website.pe/ (website W wordpress)
-slimdirectory/ (website S slim)
--.htacess
--vendor/
--public/
---css/
---fonts/
---images/
---js/
---index.php
--bootstrap/
---app.php
--etc..
I am new to htaccess and don't understand how one htaccess overwrite the other one, so if I use something like you told me in my second htaccess only like this
<IfModule mod_rewrite.c>
# Redirect HTTP to HTTPS and www to non-www
RewriteCond %{ENV:HTTPS} !on [NC,OR]
RewriteCond %{HTTP_HOST} ^www\. [NC]
RewriteCond %{HTTP_HOST} ^(?:www\.)?(website\.pe) [NC]
RewriteRule ^ https://%1%{REQUEST_URI} [R=301,L]
RewriteEngine on
RewriteCond %{REQUEST_URI} !^public
RewriteRule ^(.*)$ public/$1 [L]
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [QSA,L]
</IfModule>
That should work... but still not
I've a wordpress installation inside a directory "public_html/mywebsite/"
. My root directory is "public_html/". My domain wwww.mywebsite.com pointed to the root folder "public_html/". Due to some reasons, I can't point the domain to the "mywebsite" folder. But I want to load the website from the "public_html/mywebsite/" directory when wwww.mywebsite.com is called. I tried with htaccess for this implementation. But not working.
In the "public_html/" directory, I put a .htaccess file and added the following code;
RewriteEngine On
RewriteCond %{HTTP_HOST} ^(www.)?mywebsite.com$
RewriteRule ^(/)?$ mywebsite [L]
It redirects the website to the "mywebsite" folder but it returns 404 page of the wordpress website.
I modified the .htaccess of the wordpress directory like this;
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_URI} !^/(mywebsite|mywebsite/.*)$
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
Any idea to solve this?
I used the wordpress redirect rule based on the following link and this worked for me.
https://codex.wordpress.org/Giving_WordPress_Its_Own_Directory
For more security .I made a new folder with a long random name and installed Wordpress there .To redirect visitors to that wordpress folder without them noticing anything in URL, I made a .htaccess file and wrote this in it.
<Files .htaccess>
order allow,deny
deny from all
</Files>
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_HOST} ^(www.)?example.com$
RewriteCond %{REQUEST_URI} !^/my_subdir/
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ /my_subdir/$1
RewriteCond %{HTTP_HOST} ^(www.)?example.com$
RewriteRule ^(/)?$ my_subdir/index.php [L]
</IfModule>
first part is for security, second part is redirect.I replaced "my_subdir" with the random folder, and replaced "example.com" with my website.
Basically I have a directory setup like this:
/.htaccess
/home.php
/office.php
/office/tutorials.php
and a .htaccess file like this:
<Files ~ "^\.(htaccess|htpasswd)$">
deny from all
</Files>
order deny,allow
# setup
DirectoryIndex /home.php
ErrorDocument 403 /err403.php
ErrorDocument 404 /err404.php
# remove trailing slash
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} (.+)/$
RewriteRule ^ %1 [R=301,L]
# To internally forward /dir/file to /dir/file.php
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{DOCUMENT_ROOT}/$1.php -f [NC]
RewriteRule ^(.+?)/?$ /$1.php [L]
Now following is happening.
When I call "www.domain.com/home" it works perfectly.
But when I try to call "www.domain.com/office", I always get the home.php page without styling, and it shows i am at "www.domain.com/office/", so I guess in the directory named office.
I tried renaming the office/ directory, then the office.php file works perfectly again, but i need the directory to be named the same as the file, so the URI looks nice and clean and build up on each other like this:
www.domain.com/office (own page)
www.domain.com/office/tutorials (own page)
thanks in advance!
Your 3rd-to-last line reads:
RewriteCond %{REQUEST_FILENAME} !-d
You've asked Apache not to map www.domain.com/office to office.php because there is a directly called office. If that's not your desire, remove that line.
This is driving me mad. I'm trying to use .htaccess to redirect a subfolder (that doesn't exist) to the index page, using the subfolder name as the variable. ie:
http://www.website.com/john/
redirects to:
http://www.website.com/index.php?name=john
I've tried this (and various others) with no luck:
Options +FollowSymLinks
RewriteEngine On
RewriteRule ^(.*)$ index.php?name=$1
Here is an example, how you can do this:
# turn mod_rewrite engine on
RewriteEngine On
# rewrite a physical existing file or folder
RewriteCond %{REQUEST_FILENAME} !-f [OR]
RewriteCond %{REQUEST_FILENAME} !-d
# allow things that are certainly necessary
RewriteCond %{REQUEST_URI} "/layout/" [OR]
RewriteCond %{REQUEST_URI} "/javascript/"
# rewrite rules
RewriteRule .* - [L]
RewriteRule (.*) index.php?_route=$1 [QSA]
This one also denies access to folders you don't want to have public.
Try this one:
RewriteRule ^([^/]*)/$ /?name=$1 [L]
RewriteRule ^([^.]*)$ /index.php?name=$1 [L,QSA]
today i was trying to upload phpmyadmin to one of the folders with kohana site, but it turned out that instead of phpmyadmin i get empty page. so i think that this is the problem of rewriting rules in .htaccess in the root directory of the site.
.htaccess file has the following lines:
RewriteEngine On
RewriteBase /
<Files .*>
Order Deny,Allow
Deny From All
</Files>
RewriteRule ^(?:application|modules|system)\b.* index.php/$0 [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
# Rewrite all other URLs to index.php/URL
RewriteRule .* index.php/$0 [PT]
my phpmyadmin index.php file is located in phpmyadmin/ directory, but, as i've understood, every request is redirected to index.php in the root directory. how to make phpmyadmin work not breaking routing of kohana?
thanx for help!
Just add another RewriteCond before the last RewriteRule:
RewriteCond %{REQUEST_URI} !^/phpmyadmin
or to be more explicit, you can add another rule before the existing RewriteConds:
RewriteCond %{REQUEST_URI} ^/phpmyadmin
RewriteRule ^.*$ - [NC,L]