how to allow /.well-known/security.txt in htaccess - laravel

I want to whitelist this file only in .well-known directory .
My htaccess file
Options -Indexes
RewriteEngine on
RewriteCond %{REQUEST_URI} !^public
RewriteRule ^(.*)$ public/$1 [L]
<IfModule mod_rewrite.c>
RewriteCond %{SCRIPT_FILENAME} -d [OR]
RewriteCond %{SCRIPT_FILENAME} -f
RewriteRule "(^|/)\." - [F]
</IfModule>
my attempts
<Files .well-known/security.txt>
Allow from all
Satisfy Any
</Files>
RewriteEngine on
RewriteCond %{REQUEST_URI} !^(public|.well-known/security.txt)
RewriteRule ^(.*)$ public/$1 [L]
Conclusion !
I just want to whitelist security.txt file only in .well-known directory

RewriteCond %{REQUEST_URI} !^public
RewriteRule ^(.*)$ public/$1 [L]
This condition is in error since the REQUEST_URI server variable always starts with a slash, so the expression !^public is always successful.
(From this I assume you must have another .htaccess file in the /public subdirectory, otherwise you would get a rewrite loop.)
Once you realise this then you can modify the rule in the way you had tried. For example:
RewriteCond %{REQUEST_URI} !^/(public|\.well-known/security\.txt$)
RewriteRule ^(.*)$ public/$1 [L]
HOWEVER, your other rule blocks all requests for physical files/directories that start with a dot, so the request will still be blocked (with a 403 Forbidden). This rule is also in the wrong place for other requests (it needs to be before the rewrite to the /public subdirectory).
You are better off making an exception as a separate rule at the start of the file instead. For example, try the following instead:
Options -Indexes
RewriteEngine on
# Prevent further processing for special files
RewriteRule ^\.well-known/security\.txt$ - [L]
# Block access to all dot-files
RewriteCond %{SCRIPT_FILENAME} -d [OR]
RewriteCond %{SCRIPT_FILENAME} -f
RewriteRule (^|/)\. - [F]
# Rewrite request to "/public" subdirectory
RewriteCond %{REQUEST_URI} !^/public
RewriteRule (.*) public/$1 [L]
The <IfModule> wrapper on that one rule was superfluous.

Related

change document root with .htaccess internal redirect not working properly

Hello my fellow developers,
i need to change my document root some specific folder which holds the source code of my laravel project on a shared hosting, since my hosting plan dont let me change default document root so i cannot change my default index so i want to have to redirect it using .htaccess
for far i have been able to internally redirect with the following code
RewriteEngine on
RewriteCond %{HTTP_HOST} ^example.com$
RewriteRule ^(.*)$ master/project/public/index.php
doing this i am able to redirect to desired folder, but for some reason it is not working for assets, i keep getting 404 on all the assets
master/project/public/css/[all styles]
master/project/public/js/[all scritps]
master/project/public/images/[all pictures]
master/project/public/fonts/[all fonts]
how can i achieve this without having to change urls,
internal redirect is working but i cannot figure out why all of my assets are returning 404
Try this
i m using shared hosting and this i m using for redirect asset to public dir
<IfModule mod_rewrite.c>
<IfModule mod_negotiation.c>
Options -MultiViews -Indexes
</IfModule>
#all request to public dir
RewriteEngine on
RewriteCond %{REQUEST_URI} !^public
RewriteRule ^(.*)$ public/$1 [L]
RewriteEngine On
# Handle Authorization Header
RewriteCond %{HTTP:Authorization} .
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
# Redirect Trailing Slashes If Not A Folder...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} (.+)/$
RewriteRule ^ %1 [L,R=301]
# Handle Front Controller...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]
</IfModule>
To redirect all request to public
#all request to public dir
RewriteEngine on
RewriteCond %{REQUEST_URI} !^public
RewriteRule ^(.*)$ public/$1 [L]
so i found solution to my problem,
this solution is what i ended up with.
RewriteEngine on
RewriteCond %{HTTP_HOST} ^example.com$ [NC,OR]
RewriteCond %{HTTP_HOST} ^www.example.com$
RewriteCond %{REQUEST_URI} !master/project/public/
RewriteRule (.*) /master/project/public/$1 [L]
this way you can change the default root of the your hosting using .htaccess file. hopefully it is helpful for everybody new to .htaccess

How to redirect a child URL to parent post URL? [duplicate]

in .htaccess I would like to chop off anything after the 2nd '/'… so http://www.domain.com/parent/child/otherchild would be redirected to http://www.domain.com/parent/
Add these rules to the htaccess file in your document root:
RewriteEngine On
RewriteRule ^([^/]+)/.+$ /$1/ [L,R=301]
Not sure what you meant by pasting all that unreadable code in the comments, but you want to add exclusion conditions like I mentioned in my comments:
AddType application/octet-stream vcf
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_URI} !\.(css|js)$ [NC]
RewriteRule ^([^/]+)/.+$ /$1/ [L,R=301]
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_URI} !^/wp-content/themes/myTheme/style.css
RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
This line is an exclusion, because of the !:
RewriteCond %{REQUEST_URI} !\.(css|js)$ [NC]
That means if the URI ends with .css or .js then don't apply the rule. You can add others as needed. Say you don't want to redirect a URI like: /foo/bar/no-redirect/, then also add:
RewriteCond %{REQUEST_URI} !^/foo/bar/no-redirect/
Enable mod_rewrite and .htaccess through httpd.conf and then put this code in your DOCUMENT_ROOT/.htaccess file:
RewriteEngine On
RewriteRule ^([^/]+/).+$ /$1 [L,R=301]

.htaccess file for magento in subdirectory

We are finding it difficult to remove the redirection of my /admin to /index.php/admin, which is not allowing us to access the admin panel, at every url that should start with /admin/ gets redirected to /index.php/admin/ and it displays No input file specified. and when i remove index.php from the url it works fine.
My .htaccess file looks like this
DirectoryIndex /new/magento-k/index.php
RewriteEngine on
RewriteBase /mysubdirectory/
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond $1 !^(index\.php|robots\.txt)
RewriteCond %{REQUEST_URI} !^/admin.*
RewriteCond %{REQUEST_URI} ^/index.php/admin.*$
RewriteRule ^/index.php/admin(.*) /admin$1 [R]
RewriteRule ^(.*)$ index.php?/$1 [L]
RewriteRule ^/index.php/(admin|user)($|/) - [L]
Options -MultiViews
Try putting this into your .htaccess file
RewriteRule .* /index.php [L]
and remove the other index.php rule:
RewriteRule ^/index.php/(admin|user)($|/) - [L]
Also make sure to clear cache of Magento and your browser.

mod_rewrite: don't rewrite any subdomains

Is there a way to exempt any requests to a subdomain in mod_rewrite? Right now, I have a one-page app that's redirecting everything to index.html.
<IfModule mod_rewrite.c>
Options +FollowSymlinks
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !index
RewriteRule (.*) index.html [L]
</IfModule>
But I want to make sure that calls to subdomain.mydomain.com are permanently exempt from being rewritten.
You can use a condition on the subdomain and the - substitution to stop the rewriting. From http://httpd.apache.org/docs/2.0/mod/mod_rewrite.html#rewriterule
There is a special substitution string named '-' which means: NO
substitution! This is useful in providing rewriting rules which only
match URLs but do not substitute anything for them.
Try
RewriteEngine On
RewriteCond %{HTTP_HOST} ^subdomain\.mydomain\.com$ [NC]
RewriteRule .* - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !index
RewriteRule (.*) index.html [L]

Skipping a entire directory using Helicon ISAPI rewrite v3.0

Here is my current .htaccess file. This file is in my root directory for my site.
I want to add a rule that in plain english will do the following.
COMPLETELY SHUT OFF RULES PROCESSING FOR
http://www.sc-pa.com/dr405/*.*
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_HOST} (www.sarasotaproperty.net|www.sc-pa.net|sc-pa.net|sarasotaproperty.net) [nc]
#RewriteRule ^(.*)$ http://www.sc-pa.com/$1 [R=301,NC,QSA]
RewriteRule (.*)/eurl\.axd/[0-9a-f]+ /$1 [L]
RewriteMap lc int:tolower
RewriteCond %{REQUEST_URI} [A-Z]
RewriteCond %{REQUEST_URI} !.*(js|css|inc|jpg|gif|png)
RewriteRule (.*) ${lc:$1} [R=301]
RewriteCond %{REQUEST_URI} !.*(web_content/pdf/|/dr405/).*
RewriteCond %{SCRIPT_FILENAME} !-d
RewriteCond %{SCRIPT_FILENAME} !-f
RewriteRule (?!.*/web_content/pdf/)([^/]*?\.pdf) /web_content/pdf/$1 [R=301]
RewriteRule pasite-(.*\.asp)$ /content/$1 [R=301,QSA]
RewriteRule home\.asp$ / [R=301]
#RewriteRule ^search/tpp/?$ content/search_tangible.asp
#RewriteRule ^search/?$ content/search_real_property.asp
#RewriteRule ^downloads/?$ content/downloads.asp
#RewriteRule ^(.*?view)/([^/]*)/([^/]*)(/.+)? /search/parcel_detail.asp?account=0&$2=$3 [NC,LP,QSA,R=301]
If you need to completely disable rewriting and .htaccess files for this directory and subdirectories you may use section in the HTTPD.CONF file. Here is an example:
<Directory C:/inetpub/mysite/dr405>
RewriteEngine off
AllowOverride None
</Directory>
Please note you need to use fully qualified path, i.e. C:/intepub...
If you simply want to exclude this directory so rules from current .htaccess file will not be applied you may place this rule at the beginning of your site's .htaccess file:
RewriteBase /
RewriteRule ^dr405 - [L]
RewriteCond %{HTTP_HOST} (www.sarasotaproperty.net|www.sc-pa.net|sc-pa.net|sarasotaproperty.net) [nc]
#RewriteRule ^(.*)$ http://www.sc-pa.com/$1 [R=301,NC,QSA]
RewriteRule (.*)/eurl\.axd/[0-9a-f]+ /$1 [L]
# ... etc....
Moved the site to IIS7 and used the built in rewrite module.

Resources