I have a file that I don't want users to be able to navigate to on their own accord. However, if they click a link that sends them there, it's okay for the page to work. I currently have my htaccess file set up like so.
<Files "success.php">
Order Allow,Deny
Deny from all
</Files>
success.php is the name of the file, and in the directory of the success.php, I have the following in a htaccess file:
RewriteRule /?\.htaccess$ - [F,L]
RewriteRule ^/?admin/paypal/success\.php$ - [F,L]
Will users still be able to get to success.php if they're directed there, because I know you're shown a 403 error if you just try to navigate there.
If it is the case that they will be blocked from being directed there, is there a way I can fix this?
When I type a URL to "success.php" in my browser's location bar and hit enter, my browser sends a request for success.php.
When I go to your website and click on a link that takes me to "success.php", my browser sends a request for success.php.
It's exactly the same, just because I click on a link on your site vs typing it in my browser, both are requested exactly the same. So when you deny access, you deny all access. What you need to check for the is "Referer" header, which browsers can (optionally) include in a request to let the webserver know what URL it just came from. Referers can be easily forged or sometimes omitted, so checking the referer isn't a guarantee.
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^https?://example.com/ [NC]
RewriteRule ^admin/paypal/success\.php$ - [F,L]
So if someone loads any page on the "example.com" site (e.g. your site) and then clicks on a link that goes to the success.php page, they'll be fine. Any other access from anywhere else will be 403.
Related
When my site redirect to with www I wrote below code in htaccess, mistakenly I forgot instead of example.com I placed example.org, it redirects to example.org now, I found my mistake and replaced with .com instead of .org, in browser I tested its redirect default to .org.
I don't know why its redirect to another site with .org. Is there any cache? How to resolve it?
RewriteCond %{HTTP_HOST} ^example.com [NC]
RewriteRule (.*) http://www.example.org/$1 [R=301,L]
www.example.com is redirect to www.example.org
see this posting:
• The simplest and best solution is to issue another 301 redirect back
again.
The browser will realise it is being directed back to what it
previously thought was a de-commissioned URL, and this should cause it
re-fetch that URL again to confirm that the old redirect isn't still
there.
Edit: some comments throw doubt upon this, see below.
• If you don't have control over the site where the previous redirect
target went to, then you are outta luck. Try and beg the site owner to
redirect back to you.
and also this one:
Make the user submit a post form on that url and the cached redirect
is gone
How long do browsers cache HTTP 301s?
I have an underdeveloped website which is live on the net now (need remote access). This site has both php/html output for human visitors and .json output for the API. Currently I want it this way that if a human visitor visits the site, he/she will be redirect to a coming soon page. but if the request contains .json, it will be delivered. Note: the json requests on the api looks like:
example.com/../..../example.json
example.com/../../example.json/all/etc
Is there any way using .htaccess I can achieve such functionality? Thanks
Not sure if this is what you're looking for, but in order to allow access only to URLs containing ".json", and show a coming_soon.htm page otherwise, use the following .htaccess:
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !.json
RewriteRule ^.* coming_soon.htm [L]
I want to limit the access for some pages in my web site. I have some BL pages in PHP and I want to limit thier access to only internal access.
I mean that I want that these pages will be denied if the user type them in the browser, but will be accessible if another PHP page will call them (with POST or GET requests).
Is it possible to do that in the .htaccess file?
If it is, how?
Just to clarify, the php page isn't the one sending POST or GET request, it's the browser, which means you can't block by IP. So you need to be checking against the referer here. Problem with that is the referer can be easily forged so this is no guarantee that you'll be denying access.
You can check the referer using the %{HTTP_REFERER} variable in mod_rewrite and then use the F flag to deny access:
RewriteEngine On
# if the request's referer isn't from a php page on your site
RewriteCond %{HTTP_REFERER} !^https?://your-domain.com/.*\.php
# deny access to the list of php files
RewriteRule ^(path/to/protected.php|path/another_protected.php|images/protected.png)$ - [L,F]
you can restrict by user agent.. but it's not the better way...
RewriteCond %{HTTP_USER_AGENT} (Chrome|Firefox|Webkit)
RewriteRule .* -
if you know from where the request come from just add
Order allow deny
Allow from xx.xx.xxx.xx/xx
deny from all
sorry the poor english
I have to move a entire site to a new domain, the old domain will be used for another site, so I wish delete all files in old domain.
Can I delete all file and use 404 error page to redirect traffic to new pages?
example:
if($page == "http://www.site1.com/pagexxx.htm") {
header( 'Location: http://www.site2.com/new_page.html' ) ;
}
It technically and SEO correct?
Another method is to create another php file on your old domain, and in .htaccess add the following:
ErrorDocument 404 /dir/.../file.php
You just need to get the request uri in php and process the url and use the header function to redirect.
If you are doing 1:1 redirection, then just setup a redirect rule on your web server.
If, instead, you want to inform users that the site as moved, and redirect everything to the front page of the new site, I'd do the following:
1.) Create a redirect/rewrite rule on the web server to direct everything to your "This site has moved" page. I'd prefer a rewrite, so that they can easily change existing bookmarks.
2.) Put a message informing them of the move, a link to the new site, and a meta-refresh to automatically redirect after 5-10 seconds.
I would try it in .htaccess create or update an .htaccess file and put it in the root of the old domain with this below. If you are just changing domain names and files locations are still the same, this will redirect all traffic from old to new.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_HOST} ^olddomain.com$ [OR]
RewriteCond %{HTTP_HOST} ^www.olddomain.com$
RewriteRule (.*)$ http://www.newdomain.com/$1 [R=301,L]
</IfModule>
I know that I can setup a 404 error page simply enough using .htaccess.
As I understand it, if a page isn't found, an error gets sent back to the browser and the 404 page is displayed. The user may or may not be aware of this 'error'.
What I would like to do is allow the user to type in page1.php, page2.php, page3.php etc., and go to a page that prints page1, page2, page3, etc.. respectively.
The reasoning is that the logic is very similar for page1, page2, page3, etc.. I think it might be easier to send the user to the same page, which then calculates what to do using the PHP server variables: determine if this is a valid page or not, and then either throw a 404 error or print the correct message.
Is this possible? Or just a stupid thought?
I would like the url to be unaffected and remain as the user typed.
Thanks.
This is definitely not a stupid thought.
The instance that delivers content, or error pages if no content is found, is the web server.
If you want to handle that logic in PHP, you can tell the web server to pass all requests to the same PHP file. Then you can make use of the $_SERVER variable to determine what the user was requesting and serve the content and send the correct status code (e.g. 404).
In Apache, you can define a Fallback Resource if you are using version 2.2.16 or later. This will redirect requests to non-existent files to a specified file.
<Directory /var/www/my_blog>
FallbackResource index.php
</Directory>
In older Apache versions, you can use mod_rewrite to redirect the requests:
<Directory /var/www/my_blog>
RewriteBase /my_blog
RewriteCond /var/www/my_blog/%{REQUEST_FILENAME} !-f
RewriteCond /var/www/my_blog/%{REQUEST_FILENAME} !-d
RewriteRule ^ index.php [PT]
</Directory>