Is it possible to change this script to send users to another site incase the _escaped_fragment_ is present?
RewriteEngine On
RewriteCond %{REQUEST_URI} ^/$
RewriteCond %{QUERY_STRING} ^_escaped_fragment_=/?(.*)$
RewriteRule ^(.*)$ /snapshots/%1? [NC,L]
e.g.
Could the last line be rewritten so it sends the user to
http://foo.bar.com/?url=the-full-url-with-hashbangs
that is, I want to recreate the "pretty url" from the escaped fragment, and pass that entire url to another site.
That site contains static snapshots that should be returned to the users browser.
[edit]
We are releasing a service that enables javascript sites e.g. angularjs, backbone etc to be indexed by googlebot by hooking in to the _escaped_fragment_ request they make.
see http://crawlr.wombit.se/
I want to be able to give correct examples to the users how to set this up in other environments. we are using this in ASP.NET ourselves.
Nope. that's impossible.
Just because hashbangs never being sent to server
Related
I have a blog with images. I do not want that the images are directly accessible through the URL (and also not for Googlebot and other bots)... for example... mysite.com/assets/images/img1... etc. So I thought to password protect the images directory with .htaccess. That worked, only front-end all my images became links, and I had to provide my credentials to make them show. How can I make my images show yet NOT make them directly accessible when typing the corresponding URL and the images URLs (or better yet the images directory) NOT accesible for bots to crawl/index?
Don't go with password protection. The right way to do it would be to filter the requests based on the referer URL. If the request originates from your own site then it's ok. Otherwise the request is trying to get an image directly.
I've found this site with detailed instructions on how to do that: http://altlab.com/htaccess_tutorial.html
Taken from the mentioned site:
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://(.+\.)?mysite\.com/ [NC]
RewriteCond %{HTTP_REFERER} !^$
RewriteRule .*\.(jpe?g|gif|bmp|png)$ http://url_to_default_image.gif [L]
Note that you would have to enable mod_rewrite in your Apache server.
Btw, just asking. Why don't just let people get the image directly if they want to?
In ASP.Net we have Httphandlers which can parse a request and accordingly redirect the user, mostly we use them for url-rewriting etc.
I would like to know do we have such functionality in PHP as well, if yes a example which explains it will be very helpful.
For instance if I am requesting a image file on some server , I would like to redirect it to some page if the request if from server x
If I understand HTTPHandlers correctly, this is generally done by a bit of trickery. Obviously any request that comes in to a web server (IIS,Apache,etc.) is going to try and match to a file.
GET /index.php HTTP 1.1
This request will reach the index.php file, PHP will process that file, and then the response will be sent to the client. Obviously the client will see whatever output PHP produces.
HTTPHandlers work by seeing the incoming request and mapping that request to a segment of code (perhaps a function), but it has the luxury of telling the web server how a client should access that code via configuration.
The following is an example borrowed from microsoft which illustrates the mapping.
<httpHandlers>
<add verb="*" path="*.sync" type="MyHandler.SyncHandler, MyHandler" />
</httpHandlers>
In PHP, this can be done in a two step process. First, the web server needs to route all requests to a single PHP file. And second, that PHP file must direct the program flow.
In Apache you can configure the routing bit with a .htaccess file in the root of your website. This example will route anything that doesn't exist on disk to index.php.
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} -s [OR]
RewriteCond %{REQUEST_FILENAME} -l [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^.*$ - [NC,L]
RewriteRule ^.*$ /index.php [NC,L]
From there, PHP just needs to know what url the user was looking for, and decide what to do. This can be done by using the REQUEST_URI value passed from Apache.
$_SERVER['REQUEST_URI'];
So, if a user requests:
GET /profile/settings HTTP 1.1
REQUEST_URI would be:
$url = $_SERVER['REQUEST_URI'];
echo $url; // => "/index.php/profile/settings"
Beyond that, a person could apply a regex to REQUEST_URI and switch between a number of functions to handle the request.
some of the php frameworks offer similar functionality. if you want to redirect in php you would set the headers directly
eg
header('Location: http://www.invalid.com/newpage.pgp');
exit; // make sure to exit or the script will keep executing
if you want the current url etc, you would need to query the $_SERVER var
try this, and see what information you can get from your server
var_dump($_SERVER);
You would have to implement your own mechanism or use a framework. Zend Framework's Requests go through a similar concept but still quite different than the handlers.
I have player.php file which calls the video player to play a certain video. How can i block certain sites from accessing this file and using it to embed videos on there site. In other words What code can i use inside player.php to block certain sites from accessing this file only.
You can do this on three levels.
1) Web server
For instance, using .htaccess file if you're on an Apache server.
This could be done with a rewrite that pushes them to some dummy file or 404 or whatever you like. For example:
RewriteEngine on
# Options +FollowSymlinks
RewriteCond %{HTTP_REFERER} badsite\.com [NC]
RewriteRule .* - [F]
This is really the ideal way because it precludes the need to interpret PHP.
2) PHP
In your page, use the $_SERVER['HTTP_REFERER'] (which may not be set if there is no referrer) and search for the domain in question in the string.
This is second best, and may be your only option if you can't alter the Apache configuration.
3) Javascript
Doesn't really prevent access to anything, because the check happens client-side (they've downloaded player.php and the Javascript itself prior to running it). If they went directly to the video or whatever, it wouldn't stop them from getting the file. You would use the document.referrer and search for the domain as with the PHP example.
If you are using Apache and have access to your .htaccess file, I suggest you use that instead. This page is an excellent resource.
You could try something like this, assuming player.php is in your web root:
RewriteEngine On
RewriteCond %{HTTP_REFERER} ^player\.php.*
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?your-domain\.com/ [NC]
RewriteRule .* http://your-domain.com/please-dont-steal\.php[NC]
You're better off dealing with this issue server side, so PHP is a good bet. You'll need to examine the HTTP referrer header to see whether you're being hotlinked.
there are lots of tricks you can do with Apache mod-rewrite and/or .htaccess
When I open my site without "www", like http://mysite.com/, then there is a problem with my website hit counter on the home page, which is done through AJAX.
The problem is that counter Image is not getting displayed.
It is showing blank.
There are similar problem on other pages where I have used AJAX to retrieve data.
To the cross-domain security policy, "mysite.com" and "www.mysite.com" are different domains, therefore AJAX requests aren't allowed between them.
The simplest solution is to take the domain out of your AJAX call and use a relative url, for example "/dir/ajax-callback.php" instead of "http://www.mysite.com/dir/ajax-callback.php"
You can create .htaccess file in your root dir and put this text inside
RewriteEngine on
RewriteCond %{HTTP_HOST} ^mysite.com [NC]
RewriteRule ^(.*)$ http://www.mysite.com/$1 [L,R=301]
This will make sure that every time user enters http://mysite.com, it gets redirected to http://www.mysite.com
The server has to support .htaccess and mod_rewrite
I have two different domains that both point to my homepage in the same server.
I want to log every single access made to my homepage and log which domain the user used to access my homepage, how can I do this?
I tried mod_rewrite in Apache and logging to a MySQL database with PHP but all I could do was infinite loops.
Any ideas?
EDIT:
By your answers, I see you didn't get what I want...
As far as I know Google Analytics does not allow me to differentiate the domain being used if they both point to the same site and it also does not allow me to see that some files like images were accessed directly instead of through my webpages.
I can't also just use $_SERVER['HTTP_HOST'] cause like I just said, I want to log EVERYTHING, like images and all other files, every single request, even if it doesn't exist.
As for Webalizer, I never saw it differentiate between domains, it always assumes the default domain configure in the account and use that as root, it doesn't even display it. I'll have to check it again, but I'm not sure it will do what I want...
INFINITE LOOP:
The approach I tried involved rewriting the urls in Apche with a simple Rewrite rule pointing to a PHP script, the PHP script would log the entry into a MySQL database and the send the user back to the file with the header() function. Something like this:
.htaccess:
RewriteCond %{HTTP_HOST} ^(www\.)?domain1\.net [NC]
RewriteRule ^(.*)$ http://www.domain1.net/logscript?a=$1 [NC,L]
RewriteCond %{HTTP_HOST} ^(www\.)?domain2\.net [NC]
RewriteRule ^(.*)$ http://www.domain2.net/logscript?a=$1 [NC,L]
PHP Script:
$url = $_GET['a'];
$domain = $_SERVER['HTTP_HOST'];
// Code to log the entry into the MySQL database
header("Location: http://$domain/$url");
exit();
So, I access some file, point that file to the PHP script and the script will log and redirect to that file... However, when PHP redirects to that file, the htaccess rules will pick it up and redirect again too the PHP script, creating an infinite loop.
The best thing do would be to parse the server logs. Those will show the domain and request. Even most shared hosting accounts provide access to the logs.
If you're going to go the rewrite route, you could use RewriteCond to check the HTTP_REFERER value to see if the referer was a local link or not.
RewriteCond %{HTTP_HOST} ^(www\.)?domain1\.net [NC]
RewriteCond %{HTTP_REFERER} !^(.*)domain1(.*)$ [NC]
RewriteRule ^(.*)$ http://www.domain1.net/logscript?a=$1 [NC,L]
RewriteCond %{HTTP_HOST} ^(.*)domain2\.net [NC]
RewriteCond %{HTTP_REFERER} !^(.*)domain2(.*)$ [NC]
RewriteRule ^(.*)$ http://www.domain2.net/logscript?a=$1 [NC,L]
You may also want to post in the mod_rewrite forum. They have a whole section about handling domains.
If Google Analytics is not your thing,
$_SERVER['HTTP_HOST']
holds the domain that is used, you can log that (along with time, browser, filepath etc). No need for mod_rewrite I think. Check print_r($_SERVER) to see other things that might be interesting to log.
Make sure to still escape (mysql_real_escape_string()) all the log values, it's trivially easy to inject SQL via the browser's user-agent string for example.
So, I access some file, point that file to the PHP script and the script will log and redirect to that file... However, when PHP redirects to that file, the htaccess rules will pick it up and redirect again too the PHP script, creating an infinite loop.
Can you check for HTTP headers in the RewriteCond? If so, try setting an extra header alongside the redirect in PHP (by convention custom HTTP headers start with 'X-' so it could be header('X-stayhere: 1');), and if the X-stayhere header is present, the RewriteCond fails and it doesn't forward the browser to the PHP script.
If, however, you can cron a script to download the server logs and run them through some freeware logfile analyzer, I'd go with that instead. Having two redirects for every request is a fair bit of overhead.. (and if I was more awake I might be able to come up with different solutions)
Does Google Analytics not provide this option? Or could you not parse your server log files?
Why not use the access log facility build in apache?
Apache have a "piped log" function that allow you redirect the access log to any program.
CustomLog "|/path/to/your/logger" common