I have a system that has both a front end and an administration area.
currently i am giving the admin area a subdomain.
what i'd like to do it have it as a sub directory, e.g http://domain.com/admin
but the admin area is set up to be placed in root.
can i put something in my .htaccess to make the sub directory "/admin" think its the root?
If you have access to subdomains, you could place the admin interface under admin.domain.com, and use domain.com/admin as a redirect.
It's horrid, but so the software's requirement on placement.
I don't think so. First, neither 'DocumentRoot' nor 'Alias' can occur in .htaccess.
But anyway, if you think about it, by the time it reads your .htaccess it's interpreted the paths, so it's too late to change them.
I'm not sure if you might be able to do what you want with rewriting.
Related
I have been reading on how to protect my .php includes. The main suggested option is to place the .php files I want to protect outside the folder that serves the .php files which is /public_html in my case.
So, I decided to make a folder named /includes and I access my .php includes from the /public_html .php files like ../includes/file.php. This works nicely but I am being a bit paranoid.
Can I go ahead and add an .htaccess with the following line on /includes:
Deny from all
I know the user is not supposed to access the /includes in my case. Though, would that .htaccess file in /includes hurt me in any case?
Thank you.
A really good way is to have a front controller (FC) manage all of your resource requests, and htaccess to route everything to the FC.
Then if someone tries to access something on your site it'll be routed through FC. It will in turn call a router which should only allow loading of files this way which are in a specific directory.
So attempting to navigate to (eg) includes/someScript.php wont work because FC wont route a web request into the includes dir.
This won't affect your requiring them within PHP files as this request wont go through the FC.
I have a domain example.com that has a folder in it example.com/folder/ that has another domain that points directly to it so example2.com points to example.com/folder/
When I access this via example.com/folder/ everything works fine and I can access my css and js folders which are a level below the folder in example.com/css/ and example.com/js/
When accessing from example2.com I don't see the css or js on the site and I get a 404 when trying to link directly to them by clicking the link in the view source output in firefox.
I should also mention that I have no problem with PHP includes that come from below the folder example2.com points to, just with the relative URLs referenced in the HTML.
Any idea how to get the site to let me access these folders below the root of example2.com from both example1.com/folder/ and example2.com?
I'm using a LAMP system. Also, my goal is to keep the system flexible enough that I can use it in multiple sets of domain/subdomain without having to edit server files or PHP.
EDIT - I "solved" this by adding a field in my db for the root domain all the subdomains will stem from and making static URLs for the linked js and css. This doesn't seem like the most elegant way to deal with it but it's the best I can think up right now. If anyone has any better let me know!
Just a guess, but sounds like <base href=> is needed.
In your case:
<base href="http://example1.com/folder/_">
That will make all relative URLs request resources from example1, even if users come visit on your example2.com vhost. Though all links will then also redirect people there. It affects both JS/IMGs and clicky things.
From what you have described you folder organisation looks like this:
/path/to/domain/folder/
/css/ ^
^ |
| domain2.com
domain.com
PHP on domain2.com won't have a problem accessing ../css because it operates on the server, but a browser can't go further back then /path/to/domain/folder/.
I would suggest to create a symbolic link (if possible) on the server:
ln -s /path/to/domain/css /path/to/domain/folder/css
Alternatively, you could use Alias in Apache to set up aliases for domain2.com/css to /path/to/domain/css/
Lastly, a <base> tag could help you (as mentioned by mario), but any links followed from a page with such a tag will switch back to `domain1``.
In order to keep the system as flexible as I wanted it I decided to put both the example1 url into the database and the folder name so I can construct absolute links to the files I need to access in the HTML page. This also seems necessary with my mod_rewrite, which changes tries to tack the locations of these files to the end of the "pretty URL" (like example2/post/2/css/main.css). Thanks for your ideas you steered me in the right direction!
So I'm on a 15-day trial of my (already paid) webhosting and they seem very good, at least they did until I got my FTP.
I have a php script that needs a folder outside of the root directory
Example:
website root:
/users/websites/public_html/ <- folder which users / browsers have access to
The script needs a folder here:
/users/websites/ <- above the root
for example /users/websites/sensetive_data/ <- browsers cannot acces this
but that's impossible on my web-host "because it's a shared hosting" <- their answer. And they can't change the root path.
So I cannot create any directories or files above /users/websites/public_html/
So, well, to no cancel my trial immediately, maybe I will try to do it in another way, I want to use htacces to restrict acces to a directory, and all the files in it and it's subdirectories,
So I can move the 'sensetive_data' folder to /users/websites/public_html/sensetive_data
I want it to redirect to the main page (so when accessing /users/websites/public_html/sensetive_data/* [http://example.com/sensetive_data/*] it will go to /users/websites/public_html/ [http://example.com/],
so even if the user knows the exact url, he/she will be redirected. How can I accomplish that?
If you want to do a redirect for a folder, say /users/websites/sensitive_data/
create a file in that folder called .htaccess and add the following (and specify the url to redirect to)
Options -Indexes
ErrorDocument 403 http://mysite.net/
In /users/websites/sensetive_data/.htaccess write:
Deny From All
For your whatever PHP script you need to change it yourself.
I have a website that has an include folder which contains php templates and functions. If a user tries to access that folder. It may not harm website but I don't want my users to see those templates in an UN-organized manner. Instead, I want to restrict the user if he tries to directly access those files within include folder and redirect him to homepage.
Put this in an .htaccess file in that directory:
Deny from all
This is assuming you're using Apache or another web server that knows how to read and process .htaccess files.
For the redirect, instead of Deny from all you could try this instead:
RedirectMatch 301 ^/includes/$ http://www.yoursite.com/
You can configure the server such that this folder is not available to the public. Alternately, structure the site so this folder is below the siteroot - this makes it completely invisible to the public. Simply adjust your include paths and you're done. I prefer this solution, because the files are completely off the radar unless you are logged in and have access to the file system.
I'm looking to create an admin backend for a website and I'd like each administrator to have their own personal URL to their admin folder which they can specify upon registration, the folder name they type will then be saved in a MySQL database.
I'd then like a .htaccess file to be able to read the URL a user enters and if it's in a users 'admin folder' field in the database it'll rewrite a folder name (for this examplpe we'll call it 'admin') so the user can use their own URL from the database but redirect them to /admin.
For example..
Username - Folder name
richard - myhiddenfolder
A .htaccess file should then grab the current logged in users folder name (set by something like $_SESSION['folder_name']) and load /admin, still displaying the users folder name in the browsers address bar.
Edit
Sorry, my overall question is, how can I grab the session var 'folder_name' and parse it in the .htaccess file to rewrite a folder called 'admin'.
Technically something like that is possible using either mod_rewrite or just plain ol' symlinks (if you got the permissions to do so).
If you go with mod_rewrite, you'll find RewriteMap convinient. However, declarations of RewriteMaps cannot be made in a per-directory Context (this includes .htaccess files), so you need to change the http servers configuration, which is probably not what you want.
You could still change the .htaccess from within your php script each time a user changes his custom folder name. You would then generate rules like:
RewriteCond %{HTTP_COOKIE} (^|;|\s)custom_folder=custom/path(;|$)
RewriteRule /custom/path /admin
This requires the custom path to be set as a cookie. Sadly, there is no way to refer to the cookies value in the RewriteRule test (only in the substitition which is not what we want).
Also make sure that the custom paths do not conflict with any real paths, as that would break the site for the corresponding user.
For symlinks, every time a user changes his admin folders name, you create/remove/update the symlink for him. Of course you still had to check for admin permissions in the admin scripts, as the symlinks are global.
Independent from which method you choose, make sure you check for admin privilegues in your admin scripts.
Edit:
My reply was a little too early for the edited question, so an answer to that would be: It's not possible to directly access php session data from within an .htaccess. You could try to play around with prg: RewriteMaps though.