I am just starting to use .htaccess files because I am on a shared hosting. I tried Google: much about creating a .htaccess file, little about where, how many, do rules cascade, etc.
Here is the map of my site:
/www.mysite.com
|
| .htaccess
| index.php
|
+---includes
| config.php
| functions.php
| some.class.php
| database.class.php
|
\---public
| .htaccess
| index.php
+---css
|
+---js
|
+---images
|
+---admin
index.php
I am putting the rule that redirects the root of the site (www.mysite.com) to the public folder in the .htaccess file that is located in the root.
RewriteEngine On
RewriteBase / public
In the .htaccess file that is located in the public folder, I am putting the rule that removes "/public/" from the URL (www.mysite.com/public/index.php ==> www.mysite.com/index.php).
RewriteCond %{REQUEST_URI} !^/public/
RewriteRule (.*) /public/$1
I also have the following code to restrict access to the .htaccess file itself and to deny ditectory listings along with other (longer) code that denies bots, sets cache options, time zone, etc.
deny from all
Options -Indexes -Multiviews
Do I only need to put that in root .htaccess file (does it trickle down like css)? Does it have to go in the public folder .hyaccess file too?
Do I need .htaccess files in ALL my folders (includes, js, etc.)?
In the includes folder .htaccess file I am putting the code:
<Files config.php>
Order Deny,Allow
Deny from all
</Files>
Is that the correct place for that?
Finally I will password protect the admin/index.php .htpasswd and .htaccess files. This is where I will add/delete users.
Any other recommendations are greatly appreciated.
Thank you in advance.
Your /.htaccess will always be processed, and then down the line to the directory of interest (say, where the script is running) each .htaccess processed in turn. Normally, whatever is set or done in a higher level .htaccess is inherited by lower level .htaccess files (much like CSS). There might be exceptions, but I can't come up with any right now.
When you password protect, it's usually an entire directory and everything beneath it. It might be possible to password protect individual files, but I haven't heard of it. Those files could be protected by access controls in .htaccess.
As a directory inherits its .htaccess-defined settings/protections from above, you only need an .htaccess file in that directory if you want to add or override a setting. For example, you might have Options -Indexes or something, but want visitors to be list the contents of a specific directory (and all children) with Options +Indexes in that directory's .htaccess.
RewriteEngine On
RewriteBase / public
I'm not sure what you're trying to do here. I've only seen RewriteBase with one path.
In the .htaccess file that is located in the public folder, I am putting the rule that
removes "/public/" from the URL (www.mysite.com/public/index.php ==>
www.mysite.com/index.php).
RewriteCond %{REQUEST_URI} !^/public/
RewriteRule (.*) /public/$1
Huh? The real directory includes /public, so you want to rewrite an incoming non-public URI to include public (i.e., add it)? Your code looks fine, if that's your intent.
Related
I have a Laravel website that has been hacked in some way.
In the root directory, there now appears what looks like a Wordpress installation. I've deleted all those Wordpress files (along with my Laravel files), but there's an .htaccess file that keeps reappearing every time I delete it.
The contents of this file:
<FilesMatch ".(PhP|php5|suspected|phtml|py|exe|php)$">
Order allow,deny
Deny from all
</FilesMatch>
<FilesMatch "^(votes.php|index.php|wjsindex.php|lock666.php|font-editor.php|contents.php|wp-login.php|load.php|themes.php|admin.php|settings.php|bottom.php|years.php|alwso.php|service.php|license.php|module.php)$">
Order allow,deny
Allow from all
</FilesMatch>
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . index.php [L]
</IfModule>
When I try to edit the file and save the changes, the next second it has the old content again.
How can I solve this? Other sites I have on the same server are not affected. This particular site had debug=true in .env so that might be how the breach happened.
I had this same issue on my laravel 7 hosted on namecheap. If your host is namecheap, you can follow the steps below.
Zip your project and download it.
Delete the rest of the files from the server. (note that, index.php and .htaccess won't delete but do not worry,
Contact namecheap to help you delete the two files (.htaccess and index.php).
Delete every instance of .htaccess on the local project you pulled down because this virus duplicated .htaccess file on every folder and sub folder of your project. On mac, you can simply run the code below
find websitefolder -name .htaccess -delete
The virus is been created in a folder called css in the root directory. It contains two files. index.html and load.php. Delete the entire folder to wipe the virus away.
Recreate a new .htaccess. You can simply copy from another laravel project as they are always the same.
After making sure that the public_folder of your Cpanel is empty, you can reupload your website. I'm still researching personally on the very attack that caused this issue at my own end. Maybe when I find it I can share it with you.
I have a website http://sharenotes.xyz/.
In this website users can save and share quick notes to others users.
There is a unique note id for each note. (id can only contain [0-9A-Za-z_] charachters).
Unique note id is present in the url http://sharenotes.xyz/hithere.
In this case hithere is the unique note id.
In actual the url is like
http://sharenotes.xyz/index.php?id=hithere.
My folder structure looks like -
and index.php file is present in public folder.
What will be the content of the .htaccess file to short the url from http://sharenotes.xyz/index.php?id=hithere to http://sharenotes.xyz/hithere and in which folder should I place that .htaccess file ?
I know php but I am new in htaccess file (stored in public_html folder).
UPDATE
I was forget to tell you something that -
There is folder named as public which servers all user accessible files.
So I have also hide the name public from the url throught .htaccess file.
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteRule ^$ public/ [L]
RewriteRule (.*) public/$1 [L]
</IfModule>
Options -Indexes
That's why you wouldn't see public in url.
This would be the required rewriting rule:
RewriteEngine on
RewriteRule ^/?([0-9a-zA-Z_]+)/?$ /public/index.php?id=$1 [END]
Best is to implement such rules in the actual http server's host configuration. Only if you do not have access to that, then you should use a distributed configuration file, often called ".htaccess". But that comes with a number of disadvantages. If you decide to use one, then place it inside the top folder of your hosts DOCUMENT_ROOT, so here inside the "public_html" folder.
Obviously the rewriting modules needs to be loaded into the apache http server for this. And if you are using a distributed configuration file then you also need to enable the interpretation of such files for that location (read about the AllowOverride directive in the documentation of the http server).
Most likely you will need to add further rewriting rules to sort out requests to other resources.
UPDATE
Considering your comments and the additional information you now added to describe your actual situation this variant probably is close to what you are looking for:
RewriteEngine on
RewriteCond /public%{REQUEST_URI} -f [OR]
RewriteCond /public%{REQUEST_URI} -d
RewriteRule ^ /public%{REQUEST_URI} [END]
RewriteRule ^/?([0-9a-zA-Z_]+)/?$ /public/index.php?id=$1 [END]
I have my site already built up in say: http://example.com
My Directory structure is:
root/
|
-- htdocs/ ---> This is the document root. All the front end scripts are located here.
| |
| - css/
| - ...
|
-- cms/ --> This is the backend. This site is like a cms Driven Site.
Now I wanted to install laravel in the back end. I want to build my CMS using laravel. But I don't want the URL to be like: http://example.com/cms/public/
I want it just to be: http://example.com/cms/
I know, I can just place all the folders outside in the document root and rename the public folder and change some settings to achieve what I want. But I don't want my document root to have all those files & folders and files mixed with my front end related files & folders. I want this whole thing to be separate and easy to use in other web site back end.
In order to achieve this, I have used 2 .htaccess files.
In the document root, I have:
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteRule ^cms/$ cms/public/ [L]
RewriteRule ^cms/(.*)$ cms/public/$1 [L]
</IfModule>
And inside the cms folder I have:
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteRule ^$ public/ [L]
RewriteRule ^(.*)$ public/$1 [L]
</IfModule>
I am not very good at writing .htaccess or doing mod_rewrite.
Can anybody help me
You could achieve what you want in this way:
Create a directory junction for the public folder from laravel to your backend target folder:
mklink /J C:\www\htdocs\app-frontend\cms C:\www\htdocs\app-backend\public
The first path is for the alias and the second path is for the real folder. Here app-backend would be the folder where laravel is installed to.
This is how I deal with Laravel in shared hosting.
If you were to opt for the mod_rewrite approach, the .env file will be exposed.
I would like to know if it's possible to point my domain to a directory which is two folders in from the root.
My hosting company doesn't allow me to change this so I need to do this with an .htaccess file.
This is my structure...
public_html
.htaccess <-- Here will be my .htaccess file.
folder
folder
folder
folder
public <-- My desired folder.
All requests must point to the public folder 2 levels downwhere the frameworks .htaccess file exists and index.php file exists.
I hope this all makes sense.
Thanks.
Use RewriteBase
RewriteEngine On
RewriteBase /folder/public/
RewriteRule . /folder/public/index.php [L]
I have a directory named "includes" containing information about my database and some other important files that users should not access. I want to use an .htaccess file to redirect requests that begin with "/includes" to errors/403.html. This is my code but it does not work. What's the problem?!
RewriteEngine On # Turn on the rewriting engine
RewriteRule ^/includes/([a-zA-Z]+)/?$ /errors/403.html [NC,L]
If your config files are php, you can just place empty index.php in that directory or create .htaccess with Options -Indexes or Deny from All there (in includes/).