I have a sub-domain for my mobile app which is like http://m.traffic.domain.com
now I want that my users can access their page by visiting http://m.traffic.domain.com/username
which will internally point to http://m.traffic.domain.com/index.php?username=$1
for this I have following .htaccess rewrite code but its not working as expected rather its redirecting all pages to http://m.traffic.domain.com/index.php?username=$1 this
page
# Use PHP5 Single php.ini as default
AddHandler application/x-httpd-php5s .php
AddHandler application/x-httpd-php .aspx
RewriteEngine On
RewriteCond %{HTTP_HOST} ^m\.traffic\.domain\.com$ [NC]
RewriteCond %1 !^www$ [NC]
RewriteRule ^(.+)$ mobile/index.php?username=%1 [L]
<Files 403.shtml>
order allow,deny
allow from all
</Files>
The subdomain http://m.traffic.domain.com points to a directory called mobile which can be accessed http://traffic.domain.com/mobile
Try this code instead:
# Use PHP5 Single php.ini as default
AddHandler application/x-httpd-php5s .php
AddHandler application/x-httpd-php .aspx
RewriteEngine On
RewriteCond %{HTTP_HOST} ^m\.traffic\.domain\.com$ [NC]
RewriteRule ^([^.]+)/?$ /index.php?username=$1 [L,QSA]
<Files 403.shtml>
order allow,deny
allow from all
</Files>
Matched groups from RewriteRule are $1, $2 instead of %1, %2 and you don't need /mobile since your request is for m.traffic.domain.com not traffic.domain.com
Related
After upgrading my php version from 5.6 to 7.4, and revising my .htaccess file to acknowledge the new version, my html page is not processing its php code. In other words, the php code itself is output instead of its intended calculations. All php code worked fine before the version upgrade.
In the revised .htaccess file, version 7 replaced version 5 in the AddHandlers. Using phpinfo I checked to see if the php version was in fact correct. It was correct.
I know the code on my page is correct because it runs as it should when that page uses a .php extension in place of the .html extension. It worked fine prior to the version upgrade. What is wrong with my revised .htaccess? First, here is my revised .htaccess file:
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://example.com/$1 [R,L]
RewriteOptions inherit
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
# php -- BEGIN cPanel-generated handler, do not edit
# Set the “ea-php74” package as the default “PHP” programming language.
<IfModule mime_module>
AddHandler application/x-httpd-ea-php74 .php .php7 .phtml
</IfModule>
# php -- END cPanel-generated handler, do not edit
RewriteEngine on
<Files index.html>
AddHandler application/x-httpd-php7 .html
</Files>
<Files index2.html>
AddHandler application/x-httpd-php7 .html
</Files>
<Files index-threejs.html>
AddHandler application/x-httpd-php7 .html
</Files>
...and here is my old .htaccess file that worked fine before the php upgrade:
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
#RewriteEngine On
#RewriteCond %{HTTP_HOST} dentonrainfall\.com [NC]
#RewriteCond %{SERVER_PORT} 80
#RewriteRule ^(.*)$ https://dentonrainfall.com/$1 [R,L]
RewriteEngine on
<Files index.html>
AddHandler application/x-httpd-php5 .html
</Files>
<Files index2.html>
AddHandler application/x-httpd-php5 .html
</Files>
<Files index-threejs.html>
AddHandler application/x-httpd-php5 .html
</Files>
RewriteEngine Off
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://dentonrainfall.com/$1 [R,L]
Jan's suggestion was the solution. To repeat what they said:
I noticed your custom AddHandler statements use a different MIME type from the one apparently auto-generated by cPanel, have you tried using application/x-httpd-ea-php74
I need to make this .htaccess file work in Apache 2.4. It seems Apache 2.4 does not like
Order Allow,Deny
Deny from all
I changed that to
<FilesMatch "\.(htaccess|htpasswd|ini|psd|log|sh|crt|gitignore|md)$">
Require all denied
</FilesMatch>
Here are some errors I have seen so far implementing it:
AH10244: invalid URI path (/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh)
AH01797: client denied by server configuration: /var/www/html/
And here is the .htaccess file I am trying to make work in Apache 2.4. Can you spot anything else Apache 2.4 would not like ?
Options -Indexes
<FilesMatch "\.(htaccess|htpasswd|ini|psd|log|sh|crt|gitignore|md)$">
Order Allow,Deny
Deny from all
</FilesMatch>
<Files 8fjfsuUhhhhh8/*>
deny from all
</Files>
<Files backups/*>
deny from all
</Files>
<Files stats/*>
deny from all
</Files>
<Files icons/*>
deny from all
</Files>
<Files error/*>
deny from all
</Files>
<Files logs/*>
deny from all
</Files>
<Files git/*>
deny from all
</Files>
<Files .git/*>
deny from all
</Files>
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^blog/(.*)$ https://blog.mysite.com/$1 [R=301,NC,L]
# Old Site Redirects
RewriteRule ^retailers($|/$) /merchants/ [R=301,NC,L]
RewriteRule ^faqs($|/) /FAQ/ [R=301,NC,L]
RewriteRule ^contact($|/) /contact-us/ [R=301,NC,L]
RewriteRule ^login($|/) /customer-login/ [R=301,NC,L]
RewriteRule ^bank-vision($|/) /FAQ/ [R=301,NC,L]
# New Website Proxying
# Handle Request to index
RewriteCond %{THE_REQUEST} ^GET\ /\ .*
RewriteRule . http://mysite.com.s3-website.eu-west-2.amazonaws.com/ [P]
# Handle all the named pages
RewriteRule ^(merchants|how-it-works|shop-directory|contact-us|terms-of-use|privacy-policy|complaints-policy|careers|FAQ|error)($|/) http://mysite.com.s3-website.eu-west-2.amazonaws.com/$1$2 [P]
# Handle the various static elements
RewriteRule ^static/(.*)$ http://mysite.com.s3-website.eu-west-2.amazonaws.com/static/$1 [P]
RewriteRule ^page-data/(.*)$ http://mysite.com.s3-website.eu-west-2.amazonaws.com/page-data/$1 [P]
RewriteRule ^([^\/]*).js$ http://mysite.com.s3-website.eu-west-2.amazonaws.com/$1.js [P]
RewriteRule ^icons-(.*)/(.*)\.(png|jpg)$ http://mysite.com.s3-website.eu-west-2.amazonaws.com/icons-$1/$2.$3 [P]
# Handle request to homepage with get parameters
RewriteCond %{THE_REQUEST} ^GET\ /\?utm_source=([^\s&]+)
RewriteRule . http://mysite.com.s3-website.eu-west-2.amazonaws.com/ [P]
RewriteCond %{THE_REQUEST} ^GET\ /\?ref=([^\s&]+)
RewriteRule . http://mysite.com.s3-website.eu-west-2.amazonaws.com/ [P]
# Legacy Platform stuff
RewriteRule ^(frontend/process/process/components|admin-lf7/ui/ajax|frontend/ajax|8fjfsuUFks988/cron)($|/) - [L]
RewriteRule ^rt8aglCo7XfQOxxQH2mTDZw45675675675567P27da4t1T1yJIB5Be58ih /admin.php [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
RewriteCond %{THE_REQUEST} ^[A-Z]+\ /[^?\ ]*\.php[/?\ ]
RewriteRule .*\.php$ index.php [L]
</IfModule>
When I use this .htaccess file from AWS beanstalk examples I can see the site ok :
<IfModule mod_rewrite.c>
Options -MultiViews
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]
</IfModule>
Order Allow,Deny Deny from all is backward compatible with Apache 2.4, so you should be fine with old config.
The error AH10244: invalid URI path (/cgi-bin/.%2e/.%2e/.%2e/.%2e/bin/sh)
is actually attempt to exploit your server and your apache correctly denyes that.
Do you test that FilesMatch properly ? like trying to access: yourpage.com/.htaccess ? As result you should see in log your second "error" AH01797: client denied by server configuration: /var/www/html/ which means your .htaccess and the FilesMatch within works as should
I like to block all ".php" requests for my site except the "index.php" how can I achieve this with .htacess and the rewrite mod?
RewriteEngine On
RewriteCond %{REQUEST_URI} ^.*(.php) [NC]
RewriteRule ^(.*)$ - [F,L]
You can use a negated condition patter in RewriteRule:
RewriteEngine On
RewriteCond %{REQUEST_URI} \.php$ [NC]
RewriteRule !^index\.php$ - [F,NC,L]
I used this for years and it works perfectly. You can add multiple files to allow list separated by |
#PROTECT FILES
<Files *.php>
Order Deny,Allow
Deny from all
</Files>
#ALLOW FILES
<FilesMatch index.php|captcha.php>
Allow from all
</FilesMatch>
I am currently using an htaccess file to remove the php extension from my website files. It is working properly on one of my websites, but not on another and we're using the same code. (but with additional redirects on the one that is broken)
The weird part is - it has been working for months and only stopped working when Media Temple updated our grid server from Debian Squeeze to Wheezy (and they claim that shouldn't have changed how the htaccess works, but not sure what other explanation there is.)
Apparently it does still redirect html files. Any ideas why?
Current code:
# BEGIN (mt) controlled settings
<IfModule !mod_fcgid.c>
AddHandler php-stable .php
</IfModule>
<IfModule mod_fcgid.c>
AddHandler fcgid-script .php
<Files *.php>
Options +ExecCGI
</Files>
</IfModule>
# END (mt) controlled settings
Options +MultiViews
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^([^\.]+)$ $1.php [NC,L]
RewriteRule ^([^\.]+)$ $1.html [NC,L]
ErrorDocument 403 /error-403
ErrorDocument 404 /error-404
ErrorDocument 500 /error-500
That code is followed by our 301 Redirects.
The host finally figured out the issue after saying it wasn't the update to Debian's fault. This is what they said:
the recent Wheezy update to the Grid had indeed modified a few >unexpected things, including the way MIMEs are configured which is why >+MultiViews was working for [site 1], which contains only .html files, >while [site 2] was not working, which contains .php files. To correct this, I have added the following line to the ~/domains/[site 2]/.htaccess file so that it interprets .php files correctly:
AddType application/x-httpd-php .php
So the code now looks like this:
AddType application/x-httpd-php .php
# BEGIN (mt) controlled settings
<IfModule !mod_fcgid.c>
AddHandler php-stable .php
</IfModule>
<IfModule mod_fcgid.c>
AddHandler fcgid-script .php
<Files *.php>
Options +ExecCGI
</Files>
</IfModule>
# END (mt) controlled settings
Options +MultiViews
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^([^\.]+)$ $1.php [NC,L]
RewriteRule ^([^\.]+)$ $1.html [NC,L]
Here's my current situation:
I'm rewriting /api to api.php.
RewriteRule ^apidir/url/new?$ api.php [QSA,NC,L]
Now, I am whitelisting IP's for it. However, when I try and use the Files directive to block access, I can't because it is being rewritten.
<Files "\api.php">
order allow,deny
allow from all
deny from 24.11.95.151
</Files>
so, I tried just using it to block the rewritten directory
<Files "\apimashape2013/url/new">
order allow,deny
allow from all
deny from 24.11.95.151
</Files>
None of these have worked out.
If you have access to the virtualhost you can use this:
RewriteEngine on
RewriteMap hosts-deny txt:/home/youraccount/deny_list.txt
RewriteCond ${hosts-deny:%{REMOTE_ADDR}|NOT-FOUND} !=NOT-FOUND [OR]
RewriteCond ${hosts-deny:%{REMOTE_HOST}|NOT-FOUND} !=NOT-FOUND
RewriteCond %{REQUEST_URI} ^/api [NC]
RewriteRule ^ - [F]
And have the deny_list.txt with the list of IP's or HOST you wish to blacklist:
193.102.180.41 -
bsdti1.sdm.de -
192.76.162.40 -
Read more here.
Alternatively if you don't have access to the virtualhost, you can change the name of your php file to something unique for example thisismyapi.php and use it like this:
Options +FollowSymLinks -MultiViews
RewriteEngine On
RewriteBase /
<Files "thisismyapi.php">
order allow,deny
allow from all
deny from 24.11.95.151
</Files>
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_URI} !thisismyapi.php
RewriteRule ^api/?(.*)$ /api/thisismyapi.php [L]
Why do I change it to other name?
Because this way it will match it anywhere it is so it should work just fine for your needs and will not conflict with other files.
For example in this way it the file was named index.php it would conflict with index.php in other folders.
Not sure why the first <Files> container isn't working. The \ shouldn't have any effect. But the container needs to be in the directory or parent directory of where the api.php file is.
Alternatively, you can include this in your htaccess:
RewriteCond %{REMOTE_ADDR} ^24\.11\.95\.151$
RewriteRule ^/?api.php$ - [L,F]