I have an issue with htaccess that is blocking php script access.
this is the error message I receive when i load up the page:
You don't have permission to access /index.php on this server.
When i remove the .htaccess file i can access index.php with no issues.
The same .htaccess file was working fine on a different hosting that i use.
My .htaccess file (EDIT: rearranged after suggestion by toopay)
RewriteEngine On
<Files .*>
Order allow,deny
Allow from all
</Files>
Options FollowSymLinks
RewriteRule ^photos.+$ thumbs.php [L,QSA]
RewriteRule ^[a-zA-Z0-9\-_]*$ index.php [L,QSA]
RewriteRule ^[a-zA-Z0-9\-_]+\.html$ index.php [L,QSA]
I did try to set the file priviledges to 644, 755, 777 and still not working with any settings.
Could you please help me and see what i have wrong, as this is the first time it is happening and the same .htaccess file is working fine on a different domain (folder) on the same hosting.
Couldn't there be problem with <Files .*>? I think this is a wildcard pattern so you should use just <Files *>.
I managed to find the solution, the issue was really simple, i was missing a + before FollowSymLinks. Simple issue, few wasted hours to find the solution. The weirdest part is that the on the same hosting, different domain/folder it is working the same without the +... Anyway thank you for your help.
this is my final working code:
RewriteEngine On
Options +FollowSymLinks
RewriteRule ^photos.+$ thumbs.php [L,QSA]
RewriteRule ^[a-zA-Z0-9\-_]*$ index.php [L,QSA]
RewriteRule ^[a-zA-Z0-9\-_]+\.html$ index.php [L,QSA]
The order of your htaccess, should be...
RewriteEngine On
<Files .*>
Order allow,deny
Allow from all
</Files>
Options FollowSymLinks
RewriteRule ^photos.+$ thumbs.php [L,QSA]
RewriteRule ^[a-zA-Z0-9\-_]*$ index.php [L,QSA]
RewriteRule ^[a-zA-Z0-9\-_]+\.html$ index.php [L,QSA]
Related
I have two problems actually:
First, I’m trying to redirect several short URLs to a single page with more actions, like this:
RewriteEngine On
RewriteRule ^/login?$ ^login.php?action=login&next=$1 [L]
RewriteRule ^/reset?$ ^login.php?action=reset&next=$1 [L]
This is being written in the .conf file inside <Directory>. The problem is that the first rule gets executed, while the second doesn’t and I can’t figure why.
I also tried writing them like this:
RewriteCond %{REQUEST_URI} /login$
RewriteRule ^login.php?action=login&next=$1 [L]
RewriteCond %{REQUEST_URI} /reset$
RewriteRule ^login.php?action=reset&next=$1 [L]
I should probably mention that login.php does not reside in the root directory, but in different subdirectories.
What am I doing wrong and how can I fix it?
The second issue I have is that if I put an .htaccess file inside the root directory, the rules in the .conf file don’t get executed anymore.
Inside the .conf file I have these rules:
<Directory>
Options Indexes FollowSymLinks ExecCGI Includes MultiViews
AllowOverride All
Order allow,deny
Allow from all
RewriteEngine On
</Directory>
Why is this and how can I fix it?
Just to extend on from my comments above. Place these rules in your site root .htaccess or in httpd.conf file:
Options -MultiViews
RewriteEngine On
RewriteRule ^/?login(?:/(.*))?$ subdir1/login.php?action=login&next=$1 [L,NC,QSA]
RewriteRule ^/?reset(?:/(.*))?$ subdir1/login.php?action=reset&next=$1 [L,NC,QSA]
Option MultiViews (see http://httpd.apache.org/docs/2.4/content-negotiation.html) is used by Apache's content negotiation module that runs before mod_rewrite and makes Apache server match extensions of files. So if /file is the URL then Apache will serve /file.html.
I am asking question after so many attempts to do this. Found many results on this website but none of them worked for me.
I have a website built in PHP (no any CMS) that has URLS like
www.someweb.com/job_detail.php?job_id=123456789
I just want to convert all URLS like these
www.someweb.com/123456789
Here is my .htaccess content:
DirectoryIndex index.php
RedirectMatch 404 ^/admin/$
RedirectMatch 404 ^/admin/uploads/$
ErrorDocument 404 /page_not_found.php
<Files index.php>
Order deny,allow
deny from all
allow from all
</Files>
Please tell me how to do this? I think I need to do some change in just .htaccess
Try this:
RewriteEngine on
RewriteRule ^([0-9]+)/?$ /job_detail.php?job_id=$1 [L]
RewriteEngine on
RewriteRule "^([0-9]+)$" "job_detail.php?job_id=$1" [L]
desired:
user calls domain.tld/download/file_01.zip
htaccess calls private/download.php
file_01.zip starts to download
Note: file_01.zip must be protected from direct access.
Simplified folder structure:
root/
public/
.htaccess
index.php
private/ <<< this area is blocked from direct access >>>
files/
file_01.zip
file_02.zip
.htaccess
download.php
public/.htaccess
RewriteRule ^download/(.*)?$ ./../private/download.php?file=$1 [NC,L]
private/.htaccess (Edit)
<IfModule !mod_authz_core.c>
Order deny,allow
Deny from all
</IfModule>
<IfModule mod_authz_core.c>
Require all denied
</IfModule>
download.php
$file = 'files/'.$_GET['file'];
// check: user allowed to download?
// check: more stuff (security, etc.) ...
forceDownload($file);
The RewriteRule works, but I'm getting the error Forbidden: You don't have permission to access [...] on this server, probably because the user calls the request, not the server.
Any idea?
Thanks in advance!
There is one more approach. Rename particular directory (add a single dot before it's current name, .private for example) and place this inside .htaccess file.
RewriteRule (^\.|/\.) - [F]
After adding this rule, each and every file and directory that begins with one . will be forbidden/protected, just like .htaccess it self is. :)
This will prevent access to anyone but PHP to open, view, modify file/dir contents.
Here is sample of (very common I believe) basic .htaccess *(sitting in DOCUMENT_ROOT directory) mod_rewrite rules.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule (^\.|/\.) - [F]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME}.php -f
RewriteRule ^(.+)$ /$1.php [QSA,L]
</IfModule>
Once that this is being done, You don't serve direct links to .zip or whichever file ext. You have in mind, but do that in some other fashion with favorite PHP 'tricks' of Yours. :)
If You feel that this will give You a lot of code refactoring, just because one directory, You can add those dots to zip files, and move them elsewhere, direct access to dotted files, still won't be possible.
As RiggsFolly stated in their comment.
You need to modify that private/ .htaccess file to something like:
<IfModule !mod_authz_core.c>
Order deny,allow
Deny from all
Allow from 127.0.0.1 #or your server address/etc
</IfModule>
Here is another solution, giving that your Apache version is >=2.4. (via using Require)
<IfModule !mod_authz_core.c>
Require all granted
Require ip 127.0.0.1
</IfModule>
I've look through the tutorials in web, and below is what I had done to test if mod_rewrite work.
First: Uncomment the mod_rewrite.so(#httpd.conf)
Second: Allowoverride -> Allowoverride all(#httpd.conf)
Third:(#.htaccess)
<IfModule mod_rewrite.c>
Options +FollowSymLinks
RewriteEngine on
RewriteRule ^dra/?$ draft.php [NC,L]
</IfModule>
finally: if my code work the url should be rewritten to localhost/xampp/test/dra/ according to (editted from) url-rewriting for beginner
Final result: mod_rewrite not working, as you can see in the picture. Anything that I had left out?
In httpd-xammp.conf
transform
Allowoverride AuthConfig to Allowoverride All
I think it will help you
You want:
RewriteRule ^xampp/test/dra/?$ /xampp/test/draft.php [NC,L]
Or simply:
RewriteRule dra/?$ /xampp/test/draft.php [NC,L]
The RewriteRule takes from what comes after domain/ in your case it would what comes after http://127.0.0.1/ or http://localhost/.
Also this rule is not to change your draft.php, this rule you have is to allow you to access:
http://localhost/xampp/test/dra/
And have your draft.php serve it without showing it.
I was following this tutorial, and the problem for me was the suggested line:
RewriteEngine on RewriteRule .* good.html
did not work. It has to be on two separate lines:
RewriteEngine on
RewriteRule .* good.html
My question is quite simple. I have my main page (www.domain.com/index.php)
Is there a way to redirect the user to /index.php when he only types www.domain.com?
And also remove the index.php from the url when he's on it?
I checked a bit about .htaccess, but none of the tricks seem to do the job.
Thank you!
EDIT
Here's my .htaccess:
# To set your custom php.ini, add the following line to this file:
# suphp_configpath /home/yourusername/path/to/php.ini
DirectoryIndex index.php
Options +FollowSymLinks
RewriteEngine On
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R=301,L]
<Files .htaccess>
order allow,deny
deny from all
</Files>
Options All -Indexes
As you can see, I put DirectoryIndex index.php in it, but doesn't change it :(
Simply put
DirectoryIndex index.php
in your .htaccess
When the user types www.domain.com it'll take index.php as default index page and won't be display in the address
in the Domain control panel mention Start / Index page as index.php.
Usually index.html/htm is the default page.
You will find these option under site proerties.
Redirect / http:/your.domain.php/index.php
RewriteEngine On
RewriteBase / # URL path corresponding to this directory
RewriteRule (^|.*/)index\.php$ $1 [R]