I'm converting a site from an ASP shopping cart to Magento. I had to switch hosts to a php server. A lot of the configurations I'm testing require that I have the site hosted on the domain (SSL, module keys, etc).
I set up the new host, have everything set up database and magento wise. But I wanted to know if there was a way to have a landing page on the root while working on magento site on the live url. so if you go to example.com it takes you to the landing page (index.html) but I can bypass this by going to example.com/index.php.
I could put this on a subdomain but that is not ideal since I don't have an SSL cert on subdomains and some of the modules won't be activated on there as well.
Any help would be greatly appreciated as it is up right now and don't want users to see the beta site.
Thanks
just make a file int the root folder and call it "maintenance.flag" magento is redirecting to the "Underconstruction"-File automatically. You might want to style that file though since the default is rather ugly
I used this .htaccess file so that only I could access the page.
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{REMOTE_ADDR} !^xxx\.xxx\.xxx\.xxx
RewriteCond %{REQUEST_URI} !/index.html$ [NC]
RewriteCond %{REQUEST_URI} !\.(jpe?g?|png|gif) [NC]
RewriteRule .* /index.html [R=302,L]
</IfModule>
(replace the "x"s with your IP address)
This redirects everything to index.html, unless it's from your IP address.
If you go for the sub-directory version, just work with .htaccess to authenticate access:
http://www.htaccesstools.com/htpasswd-generator/
Otherwise, in the root folder, you may do the following
.htaccess:
DirectoryIndex index.html
AuthType Basic
AuthName "My Protected Area"
AuthUserFile .htpasswd
Require valid-user
<FilesMatch "index.html">
Allow from all
Satisfy any
</FilesMatch>
Related
I have recently completed my first laravel site, but now I am stuck with deployment. This is an entirely new concept for me. My webspace is supplied by 1&1.
I have attempted several tutorials, but none seem to work.
Based on the tutorial here at:
Uploading Laravel Project onto Web Server
I structured my server folders like so:
(note when first FTPing my server, there was no www or html_docs, only a logs folder).
In the www, my index.php was altered to:
require __DIR__.'/../laravel/bootstrap/autoload.php';
$app = require_once __DIR__.'/../laravel/bootstrap/start.php';
In the laravel/bootstrap/paths.php file I altered:
'public' => __DIR__.'/../../www',
When visiting my domain in a browser, for example: myDomain.co.uk - the site is redirected to a "placeholder" (named /defaultsite) page for 1&1 domains and states "This domain name has just been registered."
If I append /www/index.php for example, I get file does not exist, even though the file is residing in my structure above.
As you probably noticed I am very new to server side aspects such as FTPing ect. I have read a few tuts, and all seem to take a different approach, leaving me confused to the best method.
I am not sure where to go from here, so any advice is appreciated. Thank you.
Edit:
I think I actually got it working, but now when I go to domain.com/public I get what I think is a DB error:
SQLSTATE[HY000] [2002] No such file or directory.
Any Advice please?
The reason you are seeing /public/index.php is because you are pointing to the top level directory and not the /public directory. To fix this go to:
Manage domains
Expand your domain and click "Edit Destination"
Change the destination directory to /public/.
This should remove public from the URL.
This is the .htaccess file I use for 1and1 and laravel 4.2 and it removes .index.php and also uses an updated version of PHP:
<IfModule mod_rewrite.c>
<IfModule mod_negotiation.c>
Options -MultiViews
</IfModule>
RewriteEngine On
AddHandler x-mapp-php6 .php
AddType x-mapp-php6 .php
# Redirect Trailing Slashes...
RewriteRule ^(.*)/$ /$1 [L,R=301]
# Handle Front Controller...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ /index.php [L]
</IfModule>
All fixed :) turns out 1&1 do not host their db name as local host, or 121.0.0.1. I simply changed the details and works a dream. next step is to get rid of the terrible /public/index url.
I'm having a problem with .htaccess and PHP-files in a sub folder. What I'm trying to achieve is to prevent anyone from being able to access any file in my sub folder - BUT I want my index.php to be able to access those files.
DOCROOT/subfolder -> www.somewebsite.com/subfolder/somefile.php
-> Access Denied
BUT
[index.php]
<form action="/subfolder/somefile.php">
...
</form>
-> Success!
I would love to solve this by just using .htaccess. I tried deny from alland also some RewriteRules but those Rules also kill any request from index.php.
I tried
Order deny,allow
Deny from all
Allow from 127.0.0.1
Allow from somewebsite.com
Satisfy Any
but the request from index.php is being denied. Can anyone help, please?
This is a misconception that people have. Just because you're linking to PHP files from another PHP file doesn't mean the index.php file is accessing them. The end-user/browser is still accessing them, it's just it's being told where to go by your index.php file. Has absolutely nothing to do with how it's being accessed. In both of your cases, they're being accessed by the browser.
The best you can do is to look at the referer field. It can be easily forged to get around this, but it's the only thing you can do.
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^https?://(example.com|127\.0\.0\.1) [NC]
RewriteRule ^subfolder/ - [L,F]
where "example.com" is your site.
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://www.hello.com/index.php
RewriteRule .*subfolder/somefile\.php - [NC,F]
The second line checks whether the visitor is not coming from a certain url. The 3rd line blocks them from accessing somefile.php
In your .htaccess you could redirect any requests to files inside that directory other than index.php as follows:
<directory "DOCROOT/subfolder">
RewriteCond %{REQUEST_FILENAME} !=/DOCROOT/subfolder/index.php
RewriteRule ^/(.+)$ redirect.php [L]
</directory>
I have mp3's in a directory called /mp3/ and I want to be able to access them only from another page.php in another directory /main/ on the site.
No direct linking from outside.
All of the pages are written in php
I put this code in the .htaccess file inside the /mp3/ directory...
Order deny,allow
deny from all
allow from 127.0.0.1
allow from localhost
allow from mydomain.com
allow from 123.45.678.90 # that's myserver's IP address (real one used in code)
Satisfy Any
But none of those work.
It does work however if I use the IP address of were I am.
allow from 1.2.3.4 # my internet connection (real one used in code)
But that means it would work for anyone and their IP address.
What am I missing here? Does this work only on certain servers?
How do I make it use the server's IP address and not my IP address?
Look into "hotlink protection" added to your .htaccess file. You can set it up for just .mp3 file extension, and forbid access by any foreign site or directly from browsers. You might even be able to restrict access from within your own site, but I can't see that being terribly useful.
Something like
RewriteEngine on
Options +FollowSymlinks
# hotlink protection and allowed list
# don't forget to add https: to allow accesss for any with SSL
## uncomment following line to PERMIT direct browser access of mp3 files
#RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?yourdomain\.com(/)?.*$ [NC]
RewriteRule .*\.mp3$ - [F,NC]
Place the files you want to protect out of the public folder. This way they are only accessible via your scripts.
-root
--mp3s
--public_html
---main
----index.php
----page.php
You are trying to limit a "referral" and not direct access?
Denying from an IP limits all access, whether referred to by your page.php or by typing it into the browser's URL location bar. If you're trying to limit referrals, you can try using something like:
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?yourdomain.com/ [NC]
RewriteRule ^mp3/ - [L,F]
but be warned that referers can be spoofed.
What about something like this, in your .htaccess
<Files ~ ".mp3$">
Order allow,deny
Deny from all
</Files>
This will not allow direct access to any files with .mp3 from your web server.
Place this code in your mp3/.htaccess file:
RewriteEngine on
RewriteBase /mp3/
RewriteCond %{HTTP_REFERER} !^https?://(localhost|(www\.)?mydomain\.com)/ [NC]
RewriteRule ^ - [F]
I have a Zend aplication that uses a hatccess and redirects everything to index.php, but now i need to use a password protect folder in one of the subfolder, but when i tried to acess the subfolder keep giving me 404 error.
here the zend htaccess in the public_html folder:
RewriteEngine On
RewriteRule !\.(js|txt|ico|gif|GIF|jpg|JPG|png|PNG|css|swf|pdf|xml|XML|eot|svg|ttf|woff)$ index.php
SetEnv APPLICATION_ENV "production"
here the subfolder htaccess:
RewriteEngine off
AuthType Basic
AuthName "*folder*"
AuthUserFile "/home/*user*/.htpasswds/public_html/*folder*/passwd"
require valid-user
i tried to add RewriteRule ^blog/ - [L]to the public_html folder as i see in:
Overwrite rewrite-rule of htaccess in parent folder
but it didnt work. what is weird is that if i take the password part of the subfolder htaccess, the "rewriteEngine off" work and i got a list of the files in that folder.
Obs: the server is a apache 2.2.25, so rewriteOptions InheritBefore is not a options
Obs2: the folder and user is not like that on the actual htaccess that was just to hide the names.
Obs3: im a noob in server configurations :)
This usually works for me. Paste code in the parent htacesss underneath your RewriteRule
RewriteRule ^(blog)($|/) - [PT,L]
I read an article on my host on how to set a subfolder as the root of my domain, but it misled me into believing requests would all be sent to the /subfolder/ and not at all to the root, and that was not the case.
I'm using this code in .htaccess in the root and unfortunately, it's not working as desired.
RewriteEngine on
RewriteCond %{HTTP_HOST} ^(www.)?domain.com$
RewriteCond %{REQUEST_URI} !^/subfolder/
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ /subfolder/$1
RewriteCond %{HTTP_HOST} ^(www.)?domain.com$
RewriteRule ^(/)?$ subfolder/index.php [L]
What I'm trying to achieve is the following:
Root in /subfolder/
All requests to the original true root being denied as if it didn't exist at all. Such as phpinfo.php, php.ini, any page or miscellaneous item in there being denied access by the error handling set in the /subfolder/. Any request to "domain.com/whateverhere" absolutely always sent to /subfolder/.
If possible, restrict any ability to go to domain.com/subfolder/ to show a 404. I suppose a redirect is equally effective though.
I currently use a /resources/ folder in the root which is at domain.com/resources/ which contains scripts, css, images, etc. and even though the rewrite is in place to set the /subfolder/ to root, requests to domain.com/resources/ are still being accepted even though it's not in the /subfolder/. As I said before, I'd like to know how I can truly restrict any access to the true root, and force all requests to the /subfolder/.
All in all, I'd like the "root" to be completely set as the /subfolder/, have important files like phpinfo.php and php.ini in the actual root inaccessible, and still use .htaccess in the true root as usual.
I know I'm asking a lot here, so I apologize heh.
Thank you in advance to anyone who can assist.
You can add a .htpasswd file to your subfolder:
.htpasswd
admin:$apr1$EvV5M50w$9IgAqskEg5r2pIIXUzQyp0
And define it in your subfolder/.htaccess file like this:
AuthUserFile /www/site/.htpasswd
AuthType Basic
AuthName "My secret place"
require valid-user
Now opening your subfolder, you will be asked far a password and a username ( admin / admin in my example ).
And to set it as the starting folder, you can always just add
<?php header( 'Location: /subfolder/' ); die; ?>
at the very top of your index.php file, so it will always redirect you to the subfolder.