Foreword: I know this is a bit of a security flaw, but I'd like an htaccess solution
I have a semi-private wiki (php,mysql,mediawiki) that I'd like to allow only to a specific range of IPs, except make it public (allow all) if the article title is title=public_articleName#### which I believe is ^title=public_articleName([0-9]{4})$ ?
I also use rewrite rules in toplevel htaccess so that the urls are beautified (www.site.com/wiki/article is actually www.site.com/wiki/index.php?title=article) in my case I would like www.site.com/wiki/ to be (partly) forbidden, but www.site.com/wiki/public_articleName2345 visible for all)
Any ideas ? I know you can access %{QUERY_STRING}, but I have no idea to force a 403 based on that match (except for IPs xxx.xxx.xx.xxx)
Thanks for your input
edit:clarifications
You can use the [forbidden] flag on RewriteRules:
RewriteRule index.php?title=disallow forbid.html [F]
You can combine that with a RewriteCond maybe to match IPs or prevent this rule to apply to allowed pages.
RewriteCond ${REMOTE_ADDR} !78.22.131.219
RewriteRule index.php?title=disallow forbid.html [F]
Some notes here: https://serverfault.com/questions/214512/everything-you-ever-wanted-to-know-about-mod-rewrite-rules-but-were-afraid-to-ask
It would however be heaps easier to implement this programmatically in the wiki software.
Related
I have searched for a solution of this problem all over the Internet, read various threads and articles about it but did come to a full solution for my - i think quite generic problem in mod_rewrite. Here is the issue:
I have developed a small webapp that lets users make calculations (splitting costs after holidays "who pays to whom"). Now I have come to the point where I want to make it (especially the static pages) language dependent. What seemed like no big deal by passing a get parameter ?lang= seems to be a problem for search engines according to my research - so apache mod_rewrite to the rescue to have beautiful URLs like
example.com/en/index => example.com/index.php?lang=en.
example.com/en/about => example.com/about.php?lang=en.
Moreover, users should be able to share their calculations with their friends - for this they are issued an ID after caluclation therefore a rule like
example.com/c/9842398dfalkjdsf98sfdasf => example.com/c.php?id=9842398dfalkjdsf98sfdasf
is used to call their previous calculations (language handling is done here directly in the script automatically, also this links are not needed to be indexed in any search engine).
To achieve this I have come up with these rules:
RewriteEngine on
RewriteRule ^c/([^/]+) c.php?id=$1 [L,QSA]
RewriteRule ^c/([^/]+)/ c.php?id=$1 [L,QSA]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^([^/]+)/([^/]+)/$ $2.php?lang=$1 [L,QSA]
RewriteRule ^([^/]+)/([^/]+)$ $2.php?lang=$1 [L,QSA]
So far these rules work - however:
Here are my questions:
1) Is this approach a good approach for language dependent sites - meaning will google index the "static" sites like "about" etc. correctly?
2) Come somebody come up with a Rewrite Rule to also have requests like
example.com/about => example.com/about.php?lang=en.
(notice the missing language parameter in the first url)
to send them to the standard language
OR should I then first get their accpted langauge and then redirect them to example.com/LANG/about
3) How should I design the language detection - especially on the homepage? Right now it works according to the rules above - howver I have seen solutions on the Internet passing everything first to a index.php which then call the disred page like
index.php?lang=en&page=about
When google "visits" it will usually not provide an HTTP_ACCEPT_LANGUAGE so will it even ever see the other language versions like example.com/it/about ?
4) Turns out that using RewriteRules kill your relative CSS, JS, picture links in your code (suprise!), however I found a page on the internet saying that this also could be handled with a RewriteRule instead of using absoulute paths in the html? (here). Unfortunately I where not able to implement it.
In a nutshell:
I am a little confused, hope somebody can help how to set up a simple SEO conform, language dependent site and that this will help others to see a best practice solution as a whole.
Thanks in advance!
Try this , thank you
RewriteEngine On
# This is to prevent the rules from looping, they only work as on-shot
RewriteCond %{ENV:REDIRECT_STATUS} 200
RewriteRule ^ - [L]
# If the url is blank, go to 'web/en/'
RewriteRule ^/?$ /web/?lang=en [L,QSA]
# If the url starts with en,es,pt-br, remove it and add ?lang=$1 ,has /web
RewriteRule ^/?(en|es|pt-br)/web(/?.*)$ /web$2/?lang=$1 [L,QSA,R]
# If the url starts with en,es,pt-br, remove it and add ?lang=$1 ,has no /web
RewriteRule ^/?(en|es|pt-br)/?$ /web/?lang=$1 [L,QSA,R]
# If the url starts with en,es,pt-br, remove it and add ?lang=$1 ,everything else
RewriteRule ^/?(en|es|pt-br)/(.+?)/?$ /$2/?lang=$1 [L,QSA,R]
i'm new to mod_rewrite, and i'm trying to convert my web address from:
website.com/profile.php?user=andy
to the following:
website.com/user/andy
This is my following code:
RewriteEngine On
RewriteRule ^user/([A-Za-z0-9]+)/?$ profile.php?user=$1 [NC,L]
I researched extensively and this does seem to be the correct way to do it, but it doesn't redirect to where i want it to, it just redirects to this:
http://website.com/profile.php?user=andy
which means i must doing something wrong...
Can anyone help me out here? I would appreciate any tips.
If you want
http://website.com/profile.php?user=andy ->301-> http://website.com/user/andy
http://website.com/user/andy means http://website.com/profile.php?user=andy
They are 2 different things, you'll need 2 rules:
RewriteEngine On
RewriteCond %{QUERY_STRING} ^user=([A-Za-z0-9]+)
RewriteRule ^profile.php /user/%1? [R=301,L]
RewriteRule ^user/([A-Za-z0-9]+)/?$ profile.php?a=b&user=$1 [L]
The first will 301 (moved permanently) redirect to the pretty url.
The second will allow your application to understand the pretty url.
Whenever you change the url scheme for a site you should take care of existing links. As such, that first rule is required/a good idea. You should not, however, need the first rule when using your own application. If your own application is generating links to profile.php?user=me - change your application code.
You have to change your URLs when outputting them in your HTML to be in the format you want (/user/andy).
mod_rewrite will rewrite /user/andy to main.php?... not the other way around.
What do you mean by my result?
mod_rewrite won't change existing links in your source code. Navigate to website.com/user/andy and you should see it work.
I have currently hit a bit of an issue with redirecting users with .htaccess and was wondering if anyone could help me.
1. Background:
I currently have a rather long domain name for the sake of this question lets refer to it as mylongdomainname.com now on this domain I have a subdomain that I use to host files, pictures etc to show friends or share with people this is files.mylongdomainname.com
now obviously the URL can get quite long as I have different directories and files. so to help reduce a bit of space I purchased another short domain, lets refer to this as small.me now what I want to do is use .htaccess and a simple PHP file to redirect small.me to files.mylongdomainname.com and pass on a file reference.
Example:
small.me/pictures/example.jpg should redirect to files.mylongdomainname.com/pictures/example.jpg
2. The problem
Basically I am unsure on the exact rewrite rule I would need to acomplish this. obviously I need a rule that will allow anything after small.me/ to be sent with the GET method to the index file which would then redirect the user accordingly. So that means that the rewrite rule will have to allow all letters, numbers and valid file name symbols to be used. I'm sure it's simple but after looking at a few tutorials and mod_rewrite help sites I still have no idea how to accomplish this.
3. The Code
.htaccess
RewriteEngine on
RewriteRule ^$ index.php?file_location=$1 [L]
obviously wrong
index.php
<?php
//Get the requested files location.
$file_location = $_GET['file_location'];
//Redirect the user to the file.
header('refresh:2; url=http://files.mylongdomainname.com/' . $file_location);
?>
4. Notes
I am aware I could just use a URL shortener, but because I am awkward I would rather it just went through my own domain, so please don't comment or answer telling me to use a shortener or to use a service like dropbox.
So can anybody help me by providing the right rule? Any help is much appreciated.
In .htaccess you can simply use:
RewriteRule ^(.*)$ http://small.me/?$1 [L]
No need for the PHP file if that's all you're trying to do.
Assuming you want this:
Picture to be shared: http://files.mylongdomainname.com/pictures/me/troll.jpg
Desired URL: http://small.me/pictures/me/troll.jpg
Remove the PHP file, just Place this in small.me's htaccess:
RewriteRule ^\/?(.*)$ http://files.mylongdomainname.com/$1 [NC,L]
The following in your .htaccess file should be all you need (no PHP file needed):
RewriteRule ^(.*) http://files.mylongdomainname.com/$1 [RL]
For more information and examples see the mod_rewrite documentation
I've always been bad at apache and used very simple solutions. Right now I have built a cms software.. but the .htaccess is starting to be a huge downsize.
I will first explain, how my friendly-urls work and look like. My language-switch is url based and always contains two characters. And it looks like this: stackoverflow.com/en/ this makes the switching really easy and since its url based.. it works well in the SEO terms. Also, if no language-id is set, then the default language will be used (stackoverflow.com/).
There are no page-ids in numbers. I have unique page-ids in text: stackoverflow.com/services.html and for SEO and folder-directories-anti-conflict purposes .html at the end..
For subpages I have "$current_page" and "$parent_page" style variables: stackoverflow.com/services/translating.html Services being the parent and translating being the current page.
Some sample code too (I nerfed it alot, so you don't think its incomplete):
RewriteRule ^(et|en|fi)\/(.+)\/(.+)\.html index.php?language=$1&pagelink=$3&parentlink=$2 [L,NC,QSA]
RewriteRule ^(.+)\/(.+)\.html index.php?language=0&pagelink=$2&parentlink=$1 [L,NC,QSA]
RewriteRule ^(.+)\.html index.php?language=0&pagelink=$1&parentlink=0 [L,NC,QSA]
How can I make the language-switch part more dynamic?
This method ..^(et|en|fi)\/.. means, that when I set up the cms, I must manually set the languages list. Best bet would be to set it somehow from the cms settings. Because, this way there are no conflicts related to folders. Is it possible global apace variable via php and then display it the .htaccess file? Something like this: ..^(LANGUAGELISTS)\/..? If this isn't possible, then next best thing would be to match 2 characters in that location and pass it as $_GET['language'].
How can I have unlimited parents dynamically?
Meaning, that the "$parent_page" is not set statically and I have unlimited children, similar to this: stackoverflow.com/services/translating/english/somesubpage.html. If that is possible, then also, how will it be used in the php, with an array?
Bounty edit
First part of the question is basically solved, unless somebody comes up with some php -> apache-array -> .htaccess way.
However, the second part of the question is still not solved. Since this is been the problem with all my projects and could possibly help somebody else in the future, I decided to add bounty to this question.
To answer your first question:
You could use RewriteRule ^([a-zA-Z]{2})([/]?)(.*)$ path/file.php?language=$1
This limits the first string to two characters and passes it on to $_GET['language']
Edit: adding RewriteCond %{REQUEST_FILENAME} !-f
and RewriteCond %{REQUEST_FILENAME} !-d will prevent conflicts with existing directories / files
Second question is much more difficult..
Update:
What Shad and toopay say is a good start in my opinion.
Using explode() to seperate levels and comparing it to the slug is quite simple.
But it's getting complicated once you want to add flexibility to the script.
function get_URL_items() {
$get_URL_items_url = $_SERVER['REQUEST_URI'];
$get_URL_items_vars = explode("/",$get_URL_items_url);
for ($get_URL_items_i = 0; $get_URL_items_i < count($get_URL_items_vars) ; $get_URL_items_i++) {
if(strlen(trim($get_URL_items_vars[$get_URL_items_i])) == 0) {
unset($get_URL_items_vars[$get_URL_items_i]);
}
}
return $get_URL_items_vars;
Let's say you you've got a website with a sub-section called "Festival" and a database filled with info for 100+ artist and you want your URLs to look like website.com/festival/<artistgenre>/<artistname>/.
You don't want to create 100+ pages in your CMS so <artistgenre> and <artistname> are some kind of wildcards.
I found it hard to achieve this without a lot of if/else statements like:
$item = get_URL_items();
if(is_user($item[2]) && is_genre($item[1]) && is_festival($item[0])) {
// do mysql stuff here
}
If I were you, I would use something like this:
.htaccess:
Options +FollowSymLinks
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !/main.php$
RewriteRule ^([a-zA-Z]{2})?(.*)$ main.php?lang=$1&path=$2 [L,QSA]
main.php:
$langs = array('en','de','ru'); // list of supported languages
$currentLang = isset($_GET['lang'])&&in_array($_GET['lang']) ? $_GET['lang'] : $defaultLang; // current selected language
$path = $_GET['path']; // current path
Then, in main.php you may parser path according to your needs
In answer to your bounty question I would use this:
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^([A-Z]{2}\/)*(([A-Z]+\/)*)([A-Z]+)\.html$ index.php?lang=$1&parents=$2&pagelink=$4 [NC,QSA,L]
Since you want to be able to handle any number of generations/levels in your URL, have you thought about how you want to catch them in you PHP script?
You definitely don't want to be going and checking isset($_GET['parent1']);isset($_GET['parent2']) etc etc etc.
As some of the other responses have indicated, you really need to be parsing your URL inside your PHP script; to that end, my RewriteRule hands off the entire 'parents' section of the URL, which your script can then explode and parse; but doesn't interfere with normal no-parent urls. =)
I somehow think this answer won't be very popular but here goes anyway. :)
mod_rewrite reaches a point where using it the old fashioned way with regular expressions becomes annoying. I suggest you skip all the pain and swap to using an external program/script to do your rewrites. I wouldn't suggest you do rewrites on all files using this method, but instead just for the urls that most users will see and type. As long as you know how to write efficient code you can even redirect to a php script to do the rewrites (as I have done in the past on a very high traffic site) and it will not have a noticeable effect on load times. If you ever reach a point where the rewrites are the main thing slowing down your site you can then switch it out for a program written in a quicker language, however I'd be surprised if you reach that.
Some things be aware of:
You need to set a rewrite lock directive or you will get lots of crazy output.
Remember that the rewrite script is a command line PHP script. It has no knowledge of things such as the $_SERVER global. This is surprisingly easy to forget.
This script is loaded at server start so any changes to it require a server restart before they take effect.
Always test this on the command line by passing a url and checking the output before restarting the server. If your script is broken restarting the server will result in anything from non functioning rewrites to the server not starting at all.
It a bit more hassle in the beginning, but once you have set this up you will find adding new rewrite rules to be an absolute breeze and a hell of a lot more flexible.
Here is the only tutorial I was able to find on how to do this using PHP...
Using MySQL to control mod_rewrite via PHP
This is far from the standard way of doing rewrites so I imagine I'm going to cop a lot of flack for this answer. Oh well. :)
Well, for SEO part, i think its better to have slug for each article (referencing you are use this for CMS). Means in your database, you have some "translation" table which translate the requesting uri/slug and associated it with $parent_page.
I have a multilanguage site and I'm trying to rewrite the URL's with a fake directory something like this:
http://localhost/theSite/page.php?id=param&cat=param?lang=en,fr,es
to http://localhost/theSite/(en|fr|es)/page/param/param
.htaccess
Options +FollowSymLinks
RewriteEngine on
RewriteRule ^(fr|en|en)/(.*) $2.php?id=$1&cat=$2&lang=$3 [NL,QSA]
This resolves as a 404 error.
Any help will be apreciate.
RewriteRule ^(en|fr|es)/(.*?)/(.*?)/(.*) $2.php?id=$3&cat=$4&lang=$1 [NC,QSA]
I suppose you meant NC (no case), not NL. You referred to capture groups that didn't exist and repeated $2.
You're second capture will capture everything until the end of the URL. So it is possible you are doubling up on the extension or the wrong directory.
Although it shouldn't affect the redirect, you don't have a third capture, so where is $3?
Look at your headers and see where it is really redirecting to and comment back.