I have a page running on phpbb where I want to disable registrations from certain counteries. I've ended up with this
<Files "ucp.php">
Order Allow,Deny
Allow from all
SetEnvIf GEOIP_COUNTRY_CODE {country} BlockCountry
Deny from env=BlockCountry
</Files>
as you can see I'm using geoip to detect the country. But now the problem is that this piece of code disallows already registered users to login from those countries, but I want just the registration part which is ucp.php?mode=register.
This however doesn't work even with backslashes so I don't know how make it work.
Thanks for your help
You could do something like this in your .htaccess
RewriteEngine on
RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^(CA|US|MX)$
RewriteCond %{QUERY_STRING} ^(.*)mode=register(.*)$ [NC]
RewriteRule ^ucp.php$ deny_page_for_other_countries.php [L]
Related
How do I get the IP, with PHP, that I have to use for my htaccess to allow specific domains access to my content?
I used gethostbyname($_SERVER['HTTP_HOST']) to get the ip, but that seems not to be the right one?
Or maybe something is wrong with my .htaccess file?
Order deny,allow
Deny from All
Allow from 77.111.240.115
I now see that there are a lot websites hosted on this IP, is there a way to get this working?
You did mentioned that you are looking to just allow specific domains to access your website.
Try this in your .htaccess and it won't require you to deal with IPs etc.
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER}
!^http(s)?://(www\.)?yoursite.com [NC]
RewriteCond %{HTTP_REFERER}
!^http(s)?://(www\.)?othersite.com [NC]
RewriteRule \.(jpg|jpeg|png|gif|html|php)$ - [F]
The above thing will allow access to your own website and that other website to files like jpg gif html etc.
If you want you can add other file extensions in it and if you want you can add other websites in it.
I have a wordpress site. recently under a serious ddos attack in wp-login.php. I have renamed wp-login.php to a new mysitename-login.php. and creat a new empty file with name wp-login.php. I have joined cloudflare, still received attack log in access_log. I have tried mod_evasive, but it will kill googlebot
Now I am manully add them into my .htaccess like
<Limit GET POST>
order allow,deny
deny from 108.162.253.180
deny from 173.245.48.134
deny from 173.245.49.187
deny from 173.245.51.180
deny from 173.245.54.66
deny from 108.162.219.
deny from 109.239.235.
allow from all
</Limit>
And I have an idea to create the .htaccess dynamic.
in current wp-login.php
$ip=$_SERVER['REMOTE_ADDR'];
// INSERT INTO ip_table (ip) values ($ip);
// ip is unique index
$html='<Limit GET POST>/n/r'
$html.=//select * from ip_table loop all
$html.='allow from all/n/r</Limit>';
$html.=<<<TXT
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
TXT;
file_put_content($html,'/var/www/html/.htaccess');
But I am afraid, if there have some problem during the file_put_content, the .htaccess is broken, my site will be broken too...
Any better way, to create a blacklist by using the robot access wp_login.php and no risk to be broken site?
Thanks.
Instead of creating a Blacklist, why not make a Whitelist? This wouldn't work if you allow all users to login to Wordpress, for example if you're using a membership plugin, but if only you and a few select Admins login, then just get everyone's IP address and add those to your .htaccess file like this:
## Prevent anyone not on my ip whitelist from accessing wp admin
RewriteCond %{REQUEST_URI} ^(/wp-admin|/wp-login.php).*$
RewriteCond %{REMOTE_ADDR} !=111.111.111.111
RewriteCond %{REMOTE_ADDR} !=222.222.222.222
RewriteCond %{REMOTE_ADDR} !=333.333.333.333
RewriteRule ^.*$ / [R=301,L]
What about using mod_evasive for Apache? This way you can easily block all IPs that try to connect to the certain URL very often in a short period of time.
You could block all IPs that will try to connect to your fake login page as well.
I have mp3's in a directory called /mp3/ and I want to be able to access them only from another page.php in another directory /main/ on the site.
No direct linking from outside.
All of the pages are written in php
I put this code in the .htaccess file inside the /mp3/ directory...
Order deny,allow
deny from all
allow from 127.0.0.1
allow from localhost
allow from mydomain.com
allow from 123.45.678.90 # that's myserver's IP address (real one used in code)
Satisfy Any
But none of those work.
It does work however if I use the IP address of were I am.
allow from 1.2.3.4 # my internet connection (real one used in code)
But that means it would work for anyone and their IP address.
What am I missing here? Does this work only on certain servers?
How do I make it use the server's IP address and not my IP address?
Look into "hotlink protection" added to your .htaccess file. You can set it up for just .mp3 file extension, and forbid access by any foreign site or directly from browsers. You might even be able to restrict access from within your own site, but I can't see that being terribly useful.
Something like
RewriteEngine on
Options +FollowSymlinks
# hotlink protection and allowed list
# don't forget to add https: to allow accesss for any with SSL
## uncomment following line to PERMIT direct browser access of mp3 files
#RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?yourdomain\.com(/)?.*$ [NC]
RewriteRule .*\.mp3$ - [F,NC]
Place the files you want to protect out of the public folder. This way they are only accessible via your scripts.
-root
--mp3s
--public_html
---main
----index.php
----page.php
You are trying to limit a "referral" and not direct access?
Denying from an IP limits all access, whether referred to by your page.php or by typing it into the browser's URL location bar. If you're trying to limit referrals, you can try using something like:
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?yourdomain.com/ [NC]
RewriteRule ^mp3/ - [L,F]
but be warned that referers can be spoofed.
What about something like this, in your .htaccess
<Files ~ ".mp3$">
Order allow,deny
Deny from all
</Files>
This will not allow direct access to any files with .mp3 from your web server.
Place this code in your mp3/.htaccess file:
RewriteEngine on
RewriteBase /mp3/
RewriteCond %{HTTP_REFERER} !^https?://(localhost|(www\.)?mydomain\.com)/ [NC]
RewriteRule ^ - [F]
I would like to only let people view my subdomains not the original domain. And I only want the original domain to be viewed by me (I mean my IP).
hello.example.com -> view by anyone
example.com -> only view by me
is there any script that I can use for htaccess ?
thanks
Create a htaccess file on your main domain and write the following in it:
Order deny, allow
Deny from all
Allow from 123.45.67.89
Use your IP in the above code.
You can do a permanant redirection to hello.example.com. This will make sure everyone visit your site under hello.example.com. This would be more appropriate for your users.
RewriteEngine On
RewriteCond %{HTTP_HOST} ^example.com [nc]
RewriteRule ^hello/(.*)$ http://hello.example.com/$1 [r=301,nc]
If you really want to show a 403 Forbidden, you can do this
RewriteEngine On
RewriteCond %{HTTP_HOST} ^example.com [nc]
RewriteRule ^hello/(.*)$ / [r=403,nc]
I figured out the answer. I added this code in htaccess located at example.com
order deny,allow
deny from all
allow from MYIP
and this code to hello.example.com
order deny,allow
allow from all
I'm not sure if it's a proper way to do this, but it help me to block people from viewing example.com ( main domain ) but still let them to view the subdomain ( hello.example.com )
I'm new to rewriting urls and wanted to know how i would rewrite
From this
/profile/4
To this
/profile.php?id=4
I have this rule so far
RewriteRule ^profile/([0-9]+)/?$ profile.php?id=$1
but it displays this in the browser
Firefox has detected that the server is redirecting the request for this address in a way that will never complete.
It displays /profile/4/index.php in the browser address bar which is incorrect.
.htaccess file
<Files .htaccess>
order allow,deny
deny from all
</Files>
Options +FollowSymlinks
RewriteEngine on
#ErrorDocument 404 /test.php
DirectoryIndex test.php
RewriteRule settings editProfile.php
RewriteRule update update.php
RewriteRule home test.php
RewriteRule ^profile/([0-9]+)/?$ profile.php?id=$1
You are pretty much there. Try using this instead
RewriteRule ^profile/(.*)$ profile.php?id=$1
I found this good free resource online to help you test your rewrite rules before you post them to your live site. This may help for the future. It looks like your rule should work as you have it posted though. The problem must be somewhere else.
Your rule is just fine so there's a redirection somewhere conflicting with it. I suppose that you don't have a real directory at /profile/4 so they main candidate left is mod_negotiation. Try this:
Options -MultiViews