In my .htaccess file I have defined the following rule to make my register page URL as http://example.com/register/
RewriteRule register/ /register.php
The above rule is perfectly fine but I can access my register page from http://example.com/register/ as well as from http://example.com/register.php.
I don't want that user will be able to access the URL from http://example.com/register.php URL, is there any RULE which I can define in .htaccess to stop execution of register.php URL or simply redirect any direct register.php request to /register/
If you are doing this to avoid getting multiple links to the same content, you can simply don't use "register.php" anywhere on your page. I think no search engine will "guess" for a certain file type and if there are no security concerns you are on the safe side, because in my opinion no user will link to this file either. However if you want to be certain just reroute all your functionality through an index.php via one line in your .htaccess which should be placed inside your www-root directory:
RewriteEngine on
RewriteRule ^(.*?)$ index.php?file=$1
In your index.php you can then simply choose which function/file to invoke by breaking down and checking the $_GET["file"] parameter. To make 100% certain no one can access your register.php file directly just move it (and all your others) to a separate directory and include a .htaccess file with the following line:
DENY from all
There are a couple of other options to prevent direct access. Just define() a variable somewhere in your index.php and at the top of your register.php just put
defined('access') or die('Intruder alert!');
at the top. Another way could be to be honest and simply tell search engines that your content has been moved and that they no longer should use the old link:
header("Status: 301"); /* Content moved permanently */
header("Location: http://yourserver/Register/");
exit;
Update
Just one more thing that crossed my mind, you can also check $_SERVER["REQUEST_URI"], whether the user attached any ".php" and act accordingly by either denying access completely or just redirecting to the new location.
It is true that you cannot use location directive, but you can actually paste .htaccess file into any directory.
Just if you put this into it, say:
Options -Indexes
order allow,deny
deny from all
you can copy paste this file into any (root) directory you want to protect from external execution.
To check the initial requested URL path, you need to use the request line. So try this rule:
RewriteCond %{THE_REQUEST} ^GET\ /[^?\s]+\.php[/?\s]
RewriteRule (.+)\.php$ /$1 [L,R=301]
And then again your rule (in a slightly modified way):
RewriteRule ^register/$ register.php
If you want to completely block /register.php by using mod_rewrite, use a variant of SleepyCod's answer:
RewriteCond %{REQUEST_FILENAME} register\.php [NC]
RewriteCond %{IS_SUBREQ} false
RewriteRule .* - [F,L]
Explanation:
[NC]: Makes the condition case-insensitive, just in case you're on a windows box.
Condition 1: The requested filename is 'register.php', and
Condition 2: The request is no subrequest (this is important, since every new round through RewriteRules actually creates subrequests).
Rule: essentially do nothing
Flags: [F]: Send an 403 Forbidden header, [L]: This is the last rule to apply, skip all following rewrite rules
Rewriting correctly is an art by itself. I suggest you carefully read http://httpd.apache.org/docs/2.2/rewrite/.
Cheers,
Try this.
RewriteCond %{REQUEST_FILENAME} ^register\.php$ [NC]
RewriteRule ^/register register.php
Or this
Redirect register.php /register
Ignoring the user-experience part, you can implement the new rel=canonical link to sort out the search engines.
Although, for this case you should probably just use a 301 redirect from /register.php to /register/
In register.php
if ( stristr( $_SERVER['REQUEST_URI'], '.php' ) )
{
header ('HTTP/1.1 301 Moved Permanently');
header ('Location: /register');
}
Related
I'm working with a client who has a site with many subdomains representing different areas covered in his locksmith business. He picks up a lot of traffic from directory websites, and wants to use his domain only as the link on these websites. When someone clicks it, he wants them to be redirected based on a keyword in the referring URL.
For example, a referring Yell URL could be
yell.com/ucs/UcsSearchAction.do?keywords=locksmith&location=Watford%2C+Hertfordshire&scrambleSeed=1311994593
Client wants htaccess or something similar to pick out the keyword 'Watford' from that URL, and redirect to watford.hisbusiness.com accordingly.
This isn't something I've done before and I'm baffled. Research found no clues.
You can check HTTP_REFERER to grab information from the referring URL.
RewriteEngine on
RewriteCond %{HTTP_REFERER} yell\.com/.*\?.*\&location\=(\w+)\%2C\+(\w+)
RewriteRule ^$ http://${lower:%1}.hisbusiness.com/ [R=302,L]
The ${lower:$1} is used to make Watford lowercase. In order for this to work, you'll need to add the following to your httpd.conf or virtual host configuration file:
RewriteMap lower int:tolower
Note: The rule in place above is designed for the domain root (hisbusiness.com) only - that is to say that a request to hisbusiness.com/something won't trigger the redirect. If you'd like it to check for the URI as well, use the following rule instead:
RewriteRule ^(.*)$ http://${lower:%1}.hisbusiness.com/$1 [R=302,L]
To make the redirect permanent and cached by browsers/search-engines, change 302 to 301.
Use Header on PHP using your required conditions:
if(condition 1){
header("Location: http://mywebsite1.com");
}
if(condition 2){
header("Location: http://mywebsite2.com");
}
else{
header("Location: http://mywebsite3.com");
}
You can use [stristr][1] on the if condition.
i tryed to search everywhere for this problem but i didnt found nothing.
I want to make make a url seo friendly so i used this code:
RewriteEngine on
RewriteRule ^Homepage index.php [NC,L]
Then i want to redirect to it so i tryed to write this code:
RewriteRule ^index.php$ http://localhost/siti/socialmark/Homepage [R=301,L]
The error it's a loop of redirections, can someone help me?
SORRY FOR MY BAD ENGLISH!
The rewrite rules don't just make the URL string look different, it actually directs the user to the file at the end of the path even if you don't see it in the address bar. If Homepage is a directory containing index.php, even if that php file name doesn't appear in the URL, then it's causing a loop because it's directing you to a directory with an index.php.
The rule is executed every time that page loads. So, you're redirecting to a page which runs the redirect script, so it runs the rule to redirect again, and that causes the loop. What you want to do is create a condition that says "Don't run this code if the requested page is http://localhost/siti/socialmark/Homepage"
Something like this (you may have to adjust it)
RewriteBase /
RewriteCond %{REQUEST_URI} !=/siti/socialmark/Homepage
RewriteRule ^Homepage index.php [NC,L]
For more details, see the caveats and example here:
http://httpd.apache.org/docs/2.2/rewrite/flags.html#flag_l
so I have this htaccess entry:
RedirectMatch /([a-zA-Z0-9]+).php /dirA/$1.php
The goal is that any .php that is on the root directory should be redirected to /dirA/*.php
eg. suppose I make the request
domain.com/something.php
it should instead redirect to
domain.com/dirA/something.php
However when I put that entry in my .htaccess file and then I go to domain.com/something.php
it instead returns
"The page isn't redirecting properly
Firefox has detected that the server is redirecting the request for
this address in a way that will never complete."
Any idea how I can modify my htaccess to accomplish what I want to do?
Updated Question
Also is there a way to make it so that it only redirects if the file doesn't exist in the root directory...hence if x.php exists in root, serve that x.php otherwise redirect to dirA/x.php
mod_rewrite is an overkill for this, you were on the right track with RedirectMatch. Your rule, however, is a bit faulty: the regex /([a-zA-Z0-9]+).php matches all string that contain the specified substring, so it matches "/foo/bar/baz.php", but also "dirA/foo/bar.php" (and even "/foo/bar.php/baz.php"I. Your redirection ended up in an endless loop because there was no stop condition: /dirA/foo.php was redirected to /dirA/foo.php.
You can remedy the situation by using anchors in the regex:
RedirectMatch ^/([a-zA-Z0-9]+).php$ /dirA/$1.php
As for your second question: that might indeed call for mod_rewrite. Something along these lines should do the trick:
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^([a-zA-Z0-9]+).php$ /dirA/$1.php [R=301]
I haven't tested it, but this should get you started. Make sure to check out the manual for details, or just search around on SO, there are tons of questions about this.
Try this
RewriteEngine On
RewriteRule ^([a-zA-Z0-9]+).php /dirA/$1.php [R=301,L]
This one should be just fine
RewriteRule ^(.*)$ /subdir/$1
When my client adds a page to the site, the new pagename should be appended to a RewiteRule regex. So with, for instance fwrite(), I would like PHP to change that RewiteRule regex with values retracted from the database. If this could be done, are there any pitfalls in the process?
Edit: handling in a PHP script would be the solution, if there would'nt be more to it...
First domain/index.php?page=pagename is 301 redirected to "domain/pagename"
to warn the visitor this page is permanently moved - (this is the old
PUBLIC location of the URL and should give this 301). Then requests
like "domain/pagename" (the new public location), would be
silently,internally rewritten to domain/index.php?page=pagename where
verification takes place and a 404 is given when not valid. But just
the key, the "page" part of ?page=pagename, is static and can be
verified and will give a 404 directly from within the .htaccess . Now,
requests like domain/index.php?page=crap will first nicely give a 301
like the valid domain/index.php?page=pagename does, and only when
arrived in the index.php can be identified as crap. So there is still
a need to get the pagenames from the database to inside the .htaccess.
This is a sample of the .htacces content to give some background to this problem:
ErrorDocument 404 http://localhost/testsite/404.php
RewriteEngine on
RewriteBase /testsite/
## block craprequests without extension like domain/crap > 404
# The requests domain/pagename that do not go to existing pages, will now be redirected with a 302 to index.php?page=pagename and only then give a 404 through the errorcheck in the code.
# This should be done here, with a RewriteCond regex with database content
RewriteCond %{REQUEST_URI} !404.php$
RewriteRule .* 404.php [R=404,L]
## block-direct-queries ##
RewriteCond %{QUERY_STRING} !marker=1$
RewriteCond %{QUERY_STRING} page=(.*)
RewriteRule ^.*$ %1? [R=301,L]
## strip-extensions ##
RewriteCond %{QUERY_STRING} !.
RewriteCond %{REQUEST_URI} !404.php$
RewriteRule ^([\w+%*\d*\+*\-*]+)\.(php[\s]{0,3}|htm[\s]{0,3}|html[\s]{0,3})$ $1 [R=301,L]
## put-querystring
RewriteRule ^([\w\-_]+)\/?$ index.php?page=$1&marker=1 [L]
I'm sorry to keep repeating this back to you, but there just isn't a need for storing the page name in the .htaccess. This can all be done much more simply in PHP.
The only rewrite rule you need is this:
RewriteCond %{REQUEST_URI} !^/?index\.php$
RewriteRule .* /index.php [L,QSA]
Now, in PHP, you can do something like this:
// The important point here is that $_SERVER['REQUEST_URI'] contains the actual
// path the user typed into their browser, which is what you are interested in
if (strtolower(basename(parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH))) === 'index.php') {
// The user directly requested index.php
if (!empty($_GET['page']) || value_of_page_is_crap()) {
// The user requested a bad page
header("{$_SERVER['SERVER_PROTOCOL']} 404 Not Found");
} else {
// Redirect to correct URL
header("{$_SERVER['SERVER_PROTOCOL']} 301 Moved Permanently");
header("Location: http://{$_SERVER['HTTP_HOST']}/{$_GET['page']}");
}
exit;
}
// The request is allowed to continue
$requestedPage = pathinfo($_SERVER['REQUEST_URI'], PATHINFO_FILENAME);
The .htaccess will route every single request blindly through PHP, where much more precise logic than mod_rewrite's clunky PCRE-based rules can be used.
The PHP script examines the URI the user typed into their address bar in the browser. If they directly requested index.php, it will check whether $_GET['page'] contains a sensible value and if it does, redirect them to the correct URL, if not respond with a 404. If the user did not request index.php directly, the script can continue. I have added an example line to show how you could extract the value of the page they requested, but how you continue on from here is up to you.
This will most likely be possible (although writing permissions may be an issue). However wouldn't it be a better way to route all requests from the client through the index.php file and let PHP handle the routing.
This way you will be maximum flexible and you don't have to do "hacky" stuff.
EDIT
All forms of redirect can be done from PHP. E.g. an example of a 301 redirect:
header ('HTTP/1.1 301 Moved Permanently');
header ('Location: http://example.com/new/path'); // note the full address
exit();
Please see the manual for more information about the use of header().
I have a basic CMS in PHP/MySQL where content managers can create pages to the system for public viewing. Each page is then available at an url such as http://www.example.com/pages.php?pid=123
Now, I want to redirect requests to http://www.example.com/pages.php?pid=123 to http://www.example.com/pages.php?pid=456.
I've already removed the pid=123 page from the db but because of the cms code the site still returns a 202 when some one tries to access the page. I thought I could use a 301 redirect in .htaccess to make the redirect work, i.e.:
redirect 301 pages.php?pid=123 http://www.example.com/pages.php?pid=456
but this doesn't work, Apache still return 202 when trying to fetch the pid=123 page. Also, I've tried using mod_rewrite, but it doesn't work:
RewriteRule ^pages.php?pid=123$ pages.php?pid=456 [R=301,L]
Any ideas what could be wrong and how I can fix the 301 redirect?
Both the Redirect and RewriteRule directive work just on the URL path. In mod_alias (Redirect directive) you can not test the query and in mod_rewrite (RewriteRule directive) you need an additional RewriteCond directive:
RewriteCond %{QUERY_STRING} (^|&)pid=123(&|$)
RewriteRule ^pages\.php$ /pages.php?pid=456 [R=301,L]
But it would certainly be better if your CMS can handle such redirects since it’s your CMS that knows best what URLs are valid and what are not.
You can perform the redirect in PHP (which probably knows more about what to redirect where) using header().
Please note that ? is a special character used by regular expressions, so your regex matches pages.phppid=123 and pages.phppid=123.
Even then, I don't think the query string (including the ?pid=123 part) is used in the URL handled by RewriteRule, so you would need to use something like:
RewriteCond %{QUERY_STRING} ^pid=123$
RewriteRule ^pages.php$ pages.php?pid=456 [R=301,L]
This shouldn't work as is, but it should give you some ideas.