I would like to only let people view my subdomains not the original domain. And I only want the original domain to be viewed by me (I mean my IP).
hello.example.com -> view by anyone
example.com -> only view by me
is there any script that I can use for htaccess ?
thanks
Create a htaccess file on your main domain and write the following in it:
Order deny, allow
Deny from all
Allow from 123.45.67.89
Use your IP in the above code.
You can do a permanant redirection to hello.example.com. This will make sure everyone visit your site under hello.example.com. This would be more appropriate for your users.
RewriteEngine On
RewriteCond %{HTTP_HOST} ^example.com [nc]
RewriteRule ^hello/(.*)$ http://hello.example.com/$1 [r=301,nc]
If you really want to show a 403 Forbidden, you can do this
RewriteEngine On
RewriteCond %{HTTP_HOST} ^example.com [nc]
RewriteRule ^hello/(.*)$ / [r=403,nc]
I figured out the answer. I added this code in htaccess located at example.com
order deny,allow
deny from all
allow from MYIP
and this code to hello.example.com
order deny,allow
allow from all
I'm not sure if it's a proper way to do this, but it help me to block people from viewing example.com ( main domain ) but still let them to view the subdomain ( hello.example.com )
Related
How do I get the IP, with PHP, that I have to use for my htaccess to allow specific domains access to my content?
I used gethostbyname($_SERVER['HTTP_HOST']) to get the ip, but that seems not to be the right one?
Or maybe something is wrong with my .htaccess file?
Order deny,allow
Deny from All
Allow from 77.111.240.115
I now see that there are a lot websites hosted on this IP, is there a way to get this working?
You did mentioned that you are looking to just allow specific domains to access your website.
Try this in your .htaccess and it won't require you to deal with IPs etc.
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER}
!^http(s)?://(www\.)?yoursite.com [NC]
RewriteCond %{HTTP_REFERER}
!^http(s)?://(www\.)?othersite.com [NC]
RewriteRule \.(jpg|jpeg|png|gif|html|php)$ - [F]
The above thing will allow access to your own website and that other website to files like jpg gif html etc.
If you want you can add other file extensions in it and if you want you can add other websites in it.
I have a wordpress site. recently under a serious ddos attack in wp-login.php. I have renamed wp-login.php to a new mysitename-login.php. and creat a new empty file with name wp-login.php. I have joined cloudflare, still received attack log in access_log. I have tried mod_evasive, but it will kill googlebot
Now I am manully add them into my .htaccess like
<Limit GET POST>
order allow,deny
deny from 108.162.253.180
deny from 173.245.48.134
deny from 173.245.49.187
deny from 173.245.51.180
deny from 173.245.54.66
deny from 108.162.219.
deny from 109.239.235.
allow from all
</Limit>
And I have an idea to create the .htaccess dynamic.
in current wp-login.php
$ip=$_SERVER['REMOTE_ADDR'];
// INSERT INTO ip_table (ip) values ($ip);
// ip is unique index
$html='<Limit GET POST>/n/r'
$html.=//select * from ip_table loop all
$html.='allow from all/n/r</Limit>';
$html.=<<<TXT
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
TXT;
file_put_content($html,'/var/www/html/.htaccess');
But I am afraid, if there have some problem during the file_put_content, the .htaccess is broken, my site will be broken too...
Any better way, to create a blacklist by using the robot access wp_login.php and no risk to be broken site?
Thanks.
Instead of creating a Blacklist, why not make a Whitelist? This wouldn't work if you allow all users to login to Wordpress, for example if you're using a membership plugin, but if only you and a few select Admins login, then just get everyone's IP address and add those to your .htaccess file like this:
## Prevent anyone not on my ip whitelist from accessing wp admin
RewriteCond %{REQUEST_URI} ^(/wp-admin|/wp-login.php).*$
RewriteCond %{REMOTE_ADDR} !=111.111.111.111
RewriteCond %{REMOTE_ADDR} !=222.222.222.222
RewriteCond %{REMOTE_ADDR} !=333.333.333.333
RewriteRule ^.*$ / [R=301,L]
What about using mod_evasive for Apache? This way you can easily block all IPs that try to connect to the certain URL very often in a short period of time.
You could block all IPs that will try to connect to your fake login page as well.
I'm having a problem with .htaccess and PHP-files in a sub folder. What I'm trying to achieve is to prevent anyone from being able to access any file in my sub folder - BUT I want my index.php to be able to access those files.
DOCROOT/subfolder -> www.somewebsite.com/subfolder/somefile.php
-> Access Denied
BUT
[index.php]
<form action="/subfolder/somefile.php">
...
</form>
-> Success!
I would love to solve this by just using .htaccess. I tried deny from alland also some RewriteRules but those Rules also kill any request from index.php.
I tried
Order deny,allow
Deny from all
Allow from 127.0.0.1
Allow from somewebsite.com
Satisfy Any
but the request from index.php is being denied. Can anyone help, please?
This is a misconception that people have. Just because you're linking to PHP files from another PHP file doesn't mean the index.php file is accessing them. The end-user/browser is still accessing them, it's just it's being told where to go by your index.php file. Has absolutely nothing to do with how it's being accessed. In both of your cases, they're being accessed by the browser.
The best you can do is to look at the referer field. It can be easily forged to get around this, but it's the only thing you can do.
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^https?://(example.com|127\.0\.0\.1) [NC]
RewriteRule ^subfolder/ - [L,F]
where "example.com" is your site.
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^http://www.hello.com/index.php
RewriteRule .*subfolder/somefile\.php - [NC,F]
The second line checks whether the visitor is not coming from a certain url. The 3rd line blocks them from accessing somefile.php
In your .htaccess you could redirect any requests to files inside that directory other than index.php as follows:
<directory "DOCROOT/subfolder">
RewriteCond %{REQUEST_FILENAME} !=/DOCROOT/subfolder/index.php
RewriteRule ^/(.+)$ redirect.php [L]
</directory>
I have mp3's in a directory called /mp3/ and I want to be able to access them only from another page.php in another directory /main/ on the site.
No direct linking from outside.
All of the pages are written in php
I put this code in the .htaccess file inside the /mp3/ directory...
Order deny,allow
deny from all
allow from 127.0.0.1
allow from localhost
allow from mydomain.com
allow from 123.45.678.90 # that's myserver's IP address (real one used in code)
Satisfy Any
But none of those work.
It does work however if I use the IP address of were I am.
allow from 1.2.3.4 # my internet connection (real one used in code)
But that means it would work for anyone and their IP address.
What am I missing here? Does this work only on certain servers?
How do I make it use the server's IP address and not my IP address?
Look into "hotlink protection" added to your .htaccess file. You can set it up for just .mp3 file extension, and forbid access by any foreign site or directly from browsers. You might even be able to restrict access from within your own site, but I can't see that being terribly useful.
Something like
RewriteEngine on
Options +FollowSymlinks
# hotlink protection and allowed list
# don't forget to add https: to allow accesss for any with SSL
## uncomment following line to PERMIT direct browser access of mp3 files
#RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http://(www\.)?yourdomain\.com(/)?.*$ [NC]
RewriteRule .*\.mp3$ - [F,NC]
Place the files you want to protect out of the public folder. This way they are only accessible via your scripts.
-root
--mp3s
--public_html
---main
----index.php
----page.php
You are trying to limit a "referral" and not direct access?
Denying from an IP limits all access, whether referred to by your page.php or by typing it into the browser's URL location bar. If you're trying to limit referrals, you can try using something like:
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?yourdomain.com/ [NC]
RewriteRule ^mp3/ - [L,F]
but be warned that referers can be spoofed.
What about something like this, in your .htaccess
<Files ~ ".mp3$">
Order allow,deny
Deny from all
</Files>
This will not allow direct access to any files with .mp3 from your web server.
Place this code in your mp3/.htaccess file:
RewriteEngine on
RewriteBase /mp3/
RewriteCond %{HTTP_REFERER} !^https?://(localhost|(www\.)?mydomain\.com)/ [NC]
RewriteRule ^ - [F]
I have a page running on phpbb where I want to disable registrations from certain counteries. I've ended up with this
<Files "ucp.php">
Order Allow,Deny
Allow from all
SetEnvIf GEOIP_COUNTRY_CODE {country} BlockCountry
Deny from env=BlockCountry
</Files>
as you can see I'm using geoip to detect the country. But now the problem is that this piece of code disallows already registered users to login from those countries, but I want just the registration part which is ucp.php?mode=register.
This however doesn't work even with backslashes so I don't know how make it work.
Thanks for your help
You could do something like this in your .htaccess
RewriteEngine on
RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^(CA|US|MX)$
RewriteCond %{QUERY_STRING} ^(.*)mode=register(.*)$ [NC]
RewriteRule ^ucp.php$ deny_page_for_other_countries.php [L]